One more annotation: Due the fact that FTP in general is not a secure protocol, WebDAV is preferable and AFAIK used by most hosting control panels. On a shared portal,granting FTP access is not advisable, for uploads shall only be possible into the portal directory, which is easily accessible via Admin File Manager in DotNetNuke.

yes, portal directory is ~dnn / portals /[portalID].

AFAIK both, Skins and Containers folder show up after a recursive sync, though this may change in the future, but the new installer in DNN5 will handle Skin packages as will and provide install and uninstall.

If your allowing ftp then your opening a security issue. Regardless of the type of site its a security issue. The only file access my admin's get is limited folder access to a select non-important folders. All controlled via DNN's file manager. I had way to many issues with people altering my config files or adding non-DNN pages without telling me. Now with DNN 5.0 at some point the admin menu will be broken apart, so you can control who has what access. Might help with the skin security piece, cause you could give portal admins rights to add pages etc, but no access to upload skins. This should make skin security a decision of the Host. Once the Host has control over skin uploads then its even less of a security issue, cause the host can then force admins to contact them for skin upload. Most admins I have tend to be barely smart enough to manage a few pages on their sites, moreless know how to scan a html file for possible malicous code. If and only if I could block the skin upload would I consider it. Yes I know its very insecure right now, but that doesn't mean we should make things even less secure. Now once the new security model is in place I say why not? I would like to see the parser warn the the user when it finds a html with scripts in the skin. There has been a bunch of late nights for me and if I have an admin wanting a skin I might miss the script when scanning through the html. If the parser would outline in red any scripts it found though it would save me time and trouble having to scan every html skin I want to upload. I already have to scan ascx files and its a pain as it is. On a typical week I upload around 20 different skins for my various admins. Right now 99% of them are all html based skins, so its not too bad.