Setting up a ProFTPD install that allows PASV mode connections requires that a range of ports is forwarded from the NAT to the local network. This could be a security hazard, but since you can specify what port range to use, you are still able to setup relatively tight firewalling rules.

To be sure that you have no other processes listening on the ports you have specified for Passive FTP, use a port scanner such as nmap:

  nmap -sT -I -p 60000-65535 localhost

If the result says something like

  All 5536 scanned ports on localhost ( are: closed

then you should be safe.