That kind of depends on what kind of transfers you want to make. If it's a single shot file, FTP is probably going to be faster than HTTP. And FTP would also be a bit faster than HTTP 1.0, because neither of these protocols allow picking up TCP sockets (and yes, there are still servers out there that don't run HTTP 1.1). In terms of security, both are bad. Both have various attack vectors and neither is build to be actually secure. If you want it secure, use HTTPS (and for heavens sake, check the goddamn certificate on the client site, otherwise you are still vulnerable to man in the middle attacks).