I agree the blog post should warn about it - but it can be perfectly secure if you do it correctly. I usually put all public files inside a directory inside the repo, e.g. public_html, and/or block access to dot-files altogether in the server configuration. E.g. in Apache 2:
    <Files ~ "^\.">
        Order allow,deny
        Deny from all
    </Files>
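An added example, not part of the comment above: the same dot-file rule in Apache 2.4 syntax, where `Require all denied` replaces `Order`/`Deny` (2.4 accepts the older directives only through mod_access_compat). It also adds a directory-level rule, because `<Files>` tests only the last path component and so does not cover files inside a dot-directory in the repo.

```apache
# Apache 2.4: refuse any request whose file name starts with a dot
# (.htaccess, .env, .gitignore, ...).
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# <Files>/<FilesMatch> look at the file name only, so a file such as
# .git/config (file name "config") is not matched by the rule above.
# Deny every directory whose path contains a dot-prefixed component.
<DirectoryMatch "/\.">
    Require all denied
</DirectoryMatch>

# Caveat: this also blocks /.well-known/ (used by ACME HTTP-01 validation).
# If the site needs it, narrow the pattern to exclude that one name:
#   <DirectoryMatch "/\.(?!well-known(/|$))">
```

After reloading, request a dot-file and a file inside a dot-directory on your own server and confirm both return 403.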
Isn't that what FTP is most known for - being insecure?