WARNING!

System Janitor hubcap at hubcap.clemson.edu
Tue Apr 16 00:07:47 AEST 1991


 *  
 *  Ummm, unless you wrote your own ftpd, the standard BSD one explicitly
 *  chroot's anonymous FTP requests to the logon directory of the user
 *  'ftp'.  In every system manual, where I've seen how to set up
 *  anonymous FTP, it mentions this, and tells the system manager never to
 *  make the logon directory be '/'.

But the man page for ftpd (usually) also says something like:

          ~ftp/etc) Make this directory owned by the superuser and unwrit-
                    able by anyone.  The files passwd(5) and group(5) must
                    be present for the ls command to work properly.

... and they never warn you to delete the encrypted password field
from ~ftp/etc/passwd. Lots of people have their *real* password files
available via anonymous ftp, and the manual more or less *tells* them to 
do it!

-Mike
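
An audit for the exposure described in this post, as an added example that is not part of the original message: the shell functions below list accounts whose password field is still populated in the FTP chroot's passwd copy, and emit a copy with that field replaced by `*`. The placeholder set (`*`, `x`, `!`, empty) and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the passwd copy that lives under ~ftp/etc.
# Usage on a real system: leaky_entries /path/to/ftp-home/etc/passwd

# Print login names whose password field (field 2) holds anything other
# than an empty value or a lock/shadow placeholder (assumed set below).
leaky_entries() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        NF >= 2 && $2 != "" && $2 != "*" && $2 != "x" && $2 != "!" { print $1 }
    ' "$1"
}

# Write to stdout a copy in which every password field is replaced by "*".
# Names, uids and gids are kept, which is all ls needs for its listings.
sanitize_passwd() {
    awk -F: 'BEGIN { OFS = ":" }
        /^#/ || /^[ \t]*$/ { print; next }
        NF >= 2 { $2 = "*" }
        { print }
    ' "$1"
}

# Constructed sample: two entries carry made-up 13-character "hashes".
write_sample() {
    cat <<'EOF'
root:XXconstructed:0:0:Operator:/:/bin/csh
ftp:*:14:50:FTP:/home/ftp:
mike:YYconstructed:101:10:Mike:/home/mike:/bin/csh
daemon::1:1::/:
EOF
}

# Demo on the constructed sample: report, sanitize, then report again.
sample=$(mktemp)
clean=$(mktemp)
write_sample > "$sample"
echo "before: $(leaky_entries "$sample" | tr '\n' ' ')"
sanitize_passwd "$sample" > "$clean"
echo "after:  $(leaky_entries "$clean" | tr '\n' ' ')"
rm -f "$sample" "$clean"
```

Any name the first function prints means a password hash is retrievable by anonymous users and should be treated as disclosed.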


