[worstenbrood]

You can actually use ftp with implicit/explicit ssl, makes it as save as any other plain text protocol (smtp/imap/pop/...). They call it FTPS.

[lub]

TLS doesn't necessarily mean everything is encrypted with FTP, because data and control channel have to be encrypted independently.

See for example https://security.stackexchange.com/a/115565 or https://en.wikipedia.org/wiki/FTPS#Secure_data_channel for more detailed explanations.

Most of the time both are encrypted when configuring TLS, but it's not as easy as with IMAP or SMTP where you basically disallow all commands except STARTTLS.

[worstenbrood]

If you use implicit tls/ssl, not using starttls, the data channel should be using tls/ssl too.