From a security standpoint, I agree with Mats. FTP code is very old, we have found bugs in it before and I don't think it is safe.
However, as long as people are using it, I don't think we should just remove it without having some kind of alternative. Another approach that was discussed before in Necko is to only partially remove support: As Mats pointed out, our FTP implementation supports a broad variety of servers, most of which are likely no longer seen in the wild. We could simplify our FTP implementation to only support was is actually currently used and remove a lot of old archaic code.
This would require a Telemetry probe that is more precise than just protocol usage and ties into the ParseFTPList code.