I strongly recommend ditching FTP and using SSH/SFTP, (even if you use a pre-shared key with no key password), you're still getting more security than FTP could offer.
Nothing against SSH, but I want to keep my file transfers graphical. Really not interested in doing that by command line (nor in having a debate about it)...
If you really MUST use FTP, try setting up FTP using TLS/SSL encryption of the control channel, so the password isn't sent in plaintext.
I understand and agree with your point about the password. Keep in mind that this data never leaves our network: the local machine and the Apache server are both on our * intranet * physically inside the museum. Nothing gets sent outside of our walls. However I welcome you to come visit in June and set up TLS/SSL for us.