SHH is way, way more secure. FTP can be brute forced fairly easily, and
most web servers have brute force attacks on their FTP going on a good
portion of the time. SSH, using a key rather than a password, is effectively
impossible to brute force. So for security you would disable FTP, and
set SSH to use keys rather than allowing passwords to be used for SSH.