Here a brief explaination on the security on Passive FTP.
This has the same impact on the machines running passive ftp now a days
As you know, FTP is a TCP/IP application-level protocol—not a Microsoft invention. Passive FTP is described as part of the FTP protocol specification in IETF Request for Comments (RFC) 959, which you can find at http://www.w3.org/protocols/rfc959. Before I explain passive FTP (sometimes called PASV for the actual FTP command that requests this kind of connection), let me review how standard, or active, FTP works.