Next time, if you really care about users security, it would be great if you inform us via email, PM or something like that, before spreading this further into the web and by this increase potential risk, instead of helping to solve it

And adult wording in such serious topic would be helpful as well, to enable us taking it serious and constructively. Otherwise it looks and feels more like an attack for whatever reason, instead of a security advice/hint.
But we got the point and working on a solution to disable folder list and read permissions, as well as bringing data directly into secure locations. Until that, FTP server disabled for now, as mentioned by Fourdee. So thanks for the hint after all, just please be discreet, if it should be necessary another time.