There are a few factors to guess, though: first you have to get the 8-digit-long account ID, along with the first part, which could be anything. Then, if you get a virus, it can do anything. Temporary hashes are a good idea; I know that's what cPanel uses.
It would be a good idea, but I don't think the MonstaFTP program comes with that. Maybe suggest it to them? But then all FTP passwords would have to be hashes, and then it gets complicated, because MonstaFTP connects straight to the FTP server.