Youre right, but are there any known security flaws?
Maybe it would be easier to maintain web2ftp than reinvent the wheel.
Ispcp does it also this way. Maybe both projects could share resources for that part?
P.S.: Nice to see you still care about froxlor ;-)