I'm pretty sure justsid can tell you more about security issues, what I wrote is the bare minimum you can and should do.
You know, I really wanted to from the get go of the thread but kept my mouth shut, but...
Now that it works, What security breaches does this cause?
All of them! You are putting both your server and your client at risk. As Firo mentioned, you are putting the credentials of your server into a binary that ships to your customers. So the customer can basically do whatever they want. You can try to combat that by constraining the user rights, but that's error prone and you are still doing something you ideally don't want to do at all. Basically the risk you are getting into here is that your ftp server becomes an anonymous drop for warez and porn, as well as kiddies just emptying out your server. If you like both waren and porn and aren't afraid of law enforcement, this is the way to go.
And then there is the client. FTP is not a secure connection, so it's prone to very easy man in the middle attacks. It'd be trivial to get the client to download data it never wanted to and there would be no way for you to verify the authenticity of the data. Getting a client to download arbitrary data and potentially even executing that with the permissions of your game (potentially admin rights, woop woop) is... Well, maybe not exactly what you want to happen.
The ideal way to go for this is to use a secure connection. HTTPS in particular. Since you know exactly what server you will talk to, you can easily (and definitely should!) pin the server certificate on the client and verify that you are really talking to your server.
Out of the box, Gamestudio does not not provide methods to either open an HTTPS connection nor does it provide methods for certificate pinning. You would need a DLL for that.
