The remote host is missing an update to gftp announced via advisory DSA 084-1.
Stephane Gaudreault told us that version 2.0.6a of gftp displays the password in plain text on the screen within the log window when it is logging into an ftp server. A malicious collegue who is watching the screen could gain access to the users shell on the remote machine. This problem has been fixed by the Security Team in version 2.0.6a-3.2 for the stable Debian GNU/Linux 2.2. We recommend that you upgrade your gftp package.