Setting up a ProFTPD install that allows PASV mode connections requires that a range of ports is forwarded from the NAT to the local network. This could be a security hazard, but since you can specify what port range to use, you are still able to setup relatively tight firewalling rules.
To be sure that you have no other processes listening on the ports you have specified for Passive FTP, use a port scanner such as nmap:
nmap -sT -I -p 60000-65535 localhost
If the result says something like
All 5536 scanned ports on localhost (127.0.0.1) are: closed
then you should be safe.