the majority of ftp sites use no encryption, i wouldn't have a clue how to set it up. Yeah using secure passwords basically means letters and numbers.
Recent advice suggests the old idea of long passwords is still very effective. It takes longer to crack a long, but not necessarily over complex password than a short and very complex password (apparently).
So yes dont use proper or real words, dates of birth etc, mix in numbers and sybmols as you please, be as random as you like and make it long.
Secure HTTP would be better for secure file access if that is what you are trying to achieve as you can use SSL encryption and people can still list directories and download files fine over HTTP.