<< Does anyone know which FTP server Mandrake 8.1 installs? >>
mandrake uses proftpd, which is gaining in popularity largely because of how buggy wu has proven to be time and time again.
the sftp included in openssh is secure and reliable, but as you said you don't expect everyone to have ssh installed (might this be a good time to force them to?) when talking about ftp described in the RFC's, there is no such thing as a secure client because of the clear text transmission of passwords.
wu makes it just a little easier to exploit the host. proftpd will take a little more time is all.
edit:
lilcam, i'm 99% sure you are wrong. mandrake doesn't use wu (although i believe it is provided on the cds). i think redhat installs wu by default though