Ok, first I'll admit that I haven't "looked myself". That is to say, that I have not actually compared ProFTPD to WU-FTPD.
Disclaimers aside, how long have the people at SecurityPortal been saying that WU-FTP is just a bad idea? A real long time, is the answer. They have taken flak over it, but their reason time and time again is that WU-FTPD is just a disaster area at the code level. That's what leads to all these exploits. They argue for ProFTPD, because it is purported to have a better code base. Now, I can't speak to whether that is true or not, but I can say that WU seems to have an abnormal amount of exploits.
Which leads to my question: why are people using WU? Does it have more platforms or more features? Is it just sentimental? Why?
This also leads to another good question: when is it time to rewrite from scratch? I think of sendmail and how most people choose another MTA because of similar problems.
As for those who are not running production systems, naughty you! First, where's your firewall?!? Second, why are you running statd or ftpd exposed to the world?!? I trust neither. I use a one-way filter to send mail out via sendmail and inbound ftpd connections are not supported either.
Veritas otium parit. --Terence