Running on port 28 doesn't really add any security to your system... that's called "security by obscurity". This is the same security model Microsoft uses, and we all see how effective *that* is. If somebody wants to hack your box, all it takes is a quick port scan to figure out you're running an FTP server on port 28 rather than 21. Just run the server on port 21 and make sure you've got everything covered.
- Disable guest/anonymous accounts, or at a minimum disable uploads.
- Make sure that you've configured your FTP server to treat your FTP directory as a root directory, so that people can't back up the tree and get to your files. On a Linux FTP server this is called a "chroot jail".
- Make sure that if you give access to individual people that they pick "good" passwords.
- Keep your system patched (including your FTP server!!) to prevent any known loopholes from getting exploited.
I also recommend running your FTP server on a second machine. For added security, it's trivial to set up an FTP server on a Linux machine (most distributions come with an FTP server already installed; you just need to enable it). That and running a web server are great ways to "get into" Linux gently without ditching Windows completely.
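As an added example (not part of the post above), here is a small POSIX shell audit that checks a vsftpd configuration file for the three settings the checklist covers: anonymous logins, anonymous uploads, and the chroot jail for local users. It assumes vsftpd's documented option names and upstream defaults (`anonymous_enable` defaults to `YES`, `anon_upload_enable` and `chroot_local_user` default to `NO`); the three sample configs it writes under a temporary directory are constructed for the demonstration, not real server files. It goes slightly beyond the post by also flagging a config that simply omits `anonymous_enable`, which is the common mistake: an absent key falls back to the permissive default.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the hardening points in the post.
# Assumes vsftpd option names and upstream defaults:
#   anonymous_enable=YES, anon_upload_enable=NO, chroot_local_user=NO

# Effective value of option $2 in config file $1; $3 is the default if the key
# is absent. vsftpd honours the last assignment of a key, so we take the last match.
vsftpd_opt() {
    val=$(grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" 2>/dev/null | tail -n 1 \
          | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')
    [ -n "$val" ] && printf '%s\n' "$val" || printf '%s\n' "$3"
}

# Print one finding per line; prints nothing when all three checks pass.
audit_vsftpd_conf() {
    conf=$1
    anon=$(vsftpd_opt "$conf" anonymous_enable YES)
    anon_up=$(vsftpd_opt "$conf" anon_upload_enable NO)
    jail=$(vsftpd_opt "$conf" chroot_local_user NO)
    if [ "$anon" = "YES" ]; then
        echo "anonymous_enable=$anon: anonymous logins are allowed (key absent means YES)"
        [ "$anon_up" = "YES" ] && echo "anon_upload_enable=YES: anonymous users can upload"
    fi
    [ "$jail" != "YES" ] && echo "chroot_local_user=$jail: local users can leave their home directory"
    return 0
}

# Number of findings, handy for scripting; 0 means the config passes.
audit_count() {
    audit_vsftpd_conf "$1" | wc -l | tr -d ' '
}

# Constructed sample configs (not real server files).
SAMPLE_DIR=$(mktemp -d)
WEAK_CONF=$SAMPLE_DIR/vsftpd-weak.conf
DEFAULT_CONF=$SAMPLE_DIR/vsftpd-defaults.conf
HARD_CONF=$SAMPLE_DIR/vsftpd-hardened.conf

cat > "$WEAK_CONF" <<'EOF'
# Permissive: anonymous users can log in and upload, nobody is jailed
listen=YES
anonymous_enable=YES
anon_upload_enable=YES
local_enable=YES
write_enable=YES
EOF

cat > "$DEFAULT_CONF" <<'EOF'
# Looks harmless, but anonymous_enable is simply missing, so it defaults to YES
listen=YES
local_enable=YES
EOF

cat > "$HARD_CONF" <<'EOF'
# Hardened: no anonymous access, local users locked into their home directory
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
EOF

for f in "$WEAK_CONF" "$DEFAULT_CONF" "$HARD_CONF"; do
    echo "== $(basename "$f"): $(audit_count "$f") finding(s) =="
    audit_vsftpd_conf "$f"
done
```

Run it against `/etc/vsftpd.conf` (or wherever your distribution keeps it) with `audit_vsftpd_conf /etc/vsftpd.conf` after sourcing the script. One caveat when you turn on `chroot_local_user=YES`: recent vsftpd versions refuse to start a session whose chroot root directory is writable unless `allow_writeable_chroot=YES` is set, and the safer fix is to keep each user's home directory read-only and give them a writable subdirectory for uploads rather than relaxing that check.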