I had a situation a while back regarding FTP and SSIS. I created an package that included sending a resultant file to a client. The package worked flawlessly when I ran it from my development platform, but moving it to production it would fail. I would get an error that seemed to be related to permissions (I unfortunately did not save the error). It turns out it has to do with the default nature of SSIS and sensitive information (like passwords).
For SSIS to extract the username/password from within the FTP object it has to decrypt it. Since the production user is not the same as the developer, it won't have access to it. To fix these we use configuration files and make a change to the package:
The above change tells SSIS not to save any username/passwords, but does not explicitly say you will find it in a configuration file. You add a configuration file to provide the username/password otherwise when you run the package you will get an error telling you the ftp username/password was invalid.
I will post about the methodology we use here and why we choose configuration files over embedded passwords.