There are ways that users can upload content and you can feel safe, too.
Tools like ASPSimpleUpload, and ASPUpload are out there to implement on your site. They would offer better protection than FTP, because you can control what file types can be submitted through your form.
Customize your script to allow only the file types relevant to the files you want uploaded. For example, if you only wanted images, you could set a conditional statement to look at the last three chars of the file extension. If those letters = "jpg" or "gif" then the script will continue to process.. otherwise, Response.End()
I have something like this working on my site, www.phoenixlarp.com