I absolutely 100% completely support the addition of SFTP (TCP Port 22) file transport. I am the head of cybersecurity for a fortune 300 company and we have stopped using FTP years ago due to its security risks, as well as the issues of PASV controls, etc.
All OSX devices have SSH/SFTP clients that can be used, as well as code access to it via the Dev libraries.
I would recommend that SFTP be provided as an option, but not removing FTP for those specific needs where required.
In regards to passwords... Stu cannot HASH them, as they need to be passed to the server (ex Wunderground). If he hashed the word "
Password01" using unsalted SHA256 it would be stored as "
8675AEF58258098B5BFF8014A246BB5BE62DF4E9CCC1D59B4D991F93050739FE" then if he passed that hash value to Wunderground it would not work, as Wunderground is expecting Password01 as user input so that it can hash the input using its algorythm and salt/pepper. The security of a hash is that it is mathematically infeasible to reverse the hash back to the clear text.
Hashing is extremely useful for comparing passwords (you send Password01, the webserver hashes your input and compares to the stored hash) but horrible for using as an input unless both ends of the communication are setup to not hash the hash
As we are on OSX, using the keychain may be another option, it is encrypted, not hashed for the very reasons mentioned above. Another option would be to AES encrypt the data in the PLIST files so that they can be decrypted when needed.
In regards to "salt" this is slightly better than not using it, but adding pepper is prefered
https://en.wikipedia.org/wiki/Pepper_(cryptography)
Sorry -- the security geek in me hasnt had enough coffee yet