> Talk to your local security engineer :)

You made the claim - I'm interested to hear why you believe it, because I suspect it's based on a misunderstanding of how KeePass works.

> and think they can just stand up businesses without understanding the domain

Using KeePass is not analogous to standing up a business.
Ok - I made the assumption that your (s)FTP was publicly available over the internet. (It’s safer if not, but then you don’t get the benefits of syncing from anywhere that I get.)
If your FTP is open to the internet, you are now responsible for alerting / monitoring, IPS/IDS, proper config management, routine automated patching, IP allow/blocklisting… all of these things require regular maintenance. Even if you stick it behind a VPN, you will need to patch, alert on, and configure the VPN and everything behind it as well, as VPNs can be compromised.
That’s why, unless I really wanted to spend time hardening the spit out of it, there’s no way I’m self-hosting my passwords. I’m happy to just pay a password manager to handle all of that.