I want to mount a remote network share as a folder in my vfs files. I've never done it before, but I've read up on how to configure my vfs to be able to do it. But since the client logs in to the ftp, but actually downloads from the 3rd party computer, what's to stop someone from sniffing the remote share name and IP and just browsing the share without logging into the ftp? Or does this work sort of like FXP, except in this case server gives a port command to both client and share server for the download or upload to commence?

The ftpd computer is the gateway for any information the client gets.
The client has no way to know where the information comes from; a HDD or a remote share.

this doesn't seem to be working for me.

Is it necessary to add permissions for "anonymous logon" to the share? I've added the share as a "Network Place" with the password saved on the ftpd computer, and I can access the share from the ftpd computer without re-entering the password, but io can't seem to access it. Is there a default user name and pass ioftpd uses to connect to a share?

You have to do a "net use ..." before using it with ioftpd (even if there are no local disk created)