
FTP

Nobody seems capable of writing a secure FTP daemon; all of the popular ones have had problems recently. Even when working properly, FTP doesn't encrypt passwords, so if it's possible to use something else I'd strongly advise against running an FTPd.

If you do run an FTPd you MUST keep up to date with the security updates; for example, all of the popular Unix FTPds have had serious security problems this summer. The NT ones I looked at actually seem to have a slightly better record, but this is clouded somewhat because none of the ones I looked at even mentioned security problems on their homepages, even in the cases where known problems have occurred.

I'd recommend changing the banner your FTP server gives out. It's a bit of security-through-obscurity, but I think in this case it's probably worth it. It means people don't know which of the many exploits to try - and they will hopefully find somewhere easier to crack.
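
To check that a changed banner really has stopped identifying the daemon, the following added example (not part of the original guide) parses a 220 greeting, including multi-line replies, and reports any product name or version string left in it. The product list, the function names and the sample greetings are assumptions constructed for illustration.

```python
import re
import socket

# Product tokens seen in default greetings (assumed, non-exhaustive list).
PRODUCT_RE = re.compile(
    r"wu-?ftpd|wu-[\d.]+|proftpd|vsftpd|pure-ftpd|microsoft ftp|serv-u|filezilla", re.I)
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*[a-z]?\b", re.I)  # e.g. 1.2 or 1.2.3a

def greeting_text(raw):
    """Strip reply codes from a 220 greeting, including multi-line "220-" replies."""
    parts = []
    for line in raw.splitlines():
        parts.append(line[4:] if re.match(r"220[- ]", line) else line)
        if line.startswith("220 "):  # code followed by a space ends the reply
            break
    return "\n".join(parts)

def audit_banner(raw):
    """Return (kind, matched text) pairs for anything that identifies the daemon."""
    text = greeting_text(raw)
    findings = []
    for kind, rx in (("product", PRODUCT_RE), ("version", VERSION_RE)):
        m = rx.search(text)
        if m:
            findings.append((kind, m.group(0)))
    return findings

def fetch_banner(host, port=21, timeout=5.0):
    """Read the greeting from a server you run; nothing is sent to it."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        while not re.search(rb"(?m)^\d{3} .*\n", data):
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.decode("latin-1")

# Constructed sample greetings (version numbers are placeholders).
SAMPLES = {
    "default": "220 ftp.example.org FTP server (Version wu-9.9.9(1)) ready.\r\n",
    "multiline": "220-Welcome\r\n220-Authorised users only\r\n220 ProFTPD 9.9.9 Server ready.\r\n",
    "generic": "220 FTP service ready.\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit_banner(raw) or "nothing disclosed")
```

After changing the greeting, pass the output of `fetch_banner` for your own server to `audit_banner` and confirm it returns an empty list.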




Stephen White
2001-01-16