This is what makes it quite easy.

What happens here:
It is not only the login that is managed, it's the whole file handling.

You connect yourself with www.web2ftp.com. Your entrance dates can be stored on purpose automatic (maybe also without bad motive at first, however, imagine the company is taken over or hacked) or by chance. Maybe it's only an accesslog where they are stored and through coincidence they come into the net.


Furthermore (now I can only presume) the files you want to upload are reached to the web2ftp-perlscript and transmitted to your wish server.
It is easy for the script to analyse your files, store copies and to modify before they land on your wish server.

I am sure, you can imagine more misusage.

regards,
Niko