you are correct....and this is exactly why ioftpd has "disabled" the abilty to do fxp with auth gives people a false sense of security. as far as I know, there is not a single server out there that supports server to server transfers encrypted. I believe ioftpd is still working on a solution.
