At first glance it looks as though it is essentialy a protocol designed to thwart sniffing of data rather than protecting access. I think the vulnerability of most FTP sites will be due to malware on peoples computers or sites they visit compromising the security of the remote servers by giving away the usernames or passwords that they use. That kind of vulnerability isn't addressed by having a secure protocol.

Anyway, I'm sure it is useful, and is helpful but I suspect it doesn't address the most common reasons why most people get their servers infected. I entirely take your point about the hassles caused by the bad guys and my thoughts may be entirely wrong.