When i wrote the program i thought something like "why
bother? It's me own FTP server anyway": I wrote the program
to automatically copy files between 2 servers. When i
code i thought the same. Later i decided to use it to mirror
other servers, too, and even later i decided to make the
available to others ...
When i read about the scp security hole on bugtraq i suddenly *knew* where to look into.
The lesson? Don't allow bad code to exist, even for internal use.