The timing is probably a coincidence, but yes - sending email does
largely mean your message is available in plaintext across the internet. Even if you and your recipient have encrypted connections to your respective endpoints (smtp for you while sending, pop3/imap/webbased-whatever for him receiving), there's no guarantee
that intermediary SMTP servers will do encrypted traffic.
Please don't expose FTP servers to the internet, the protocol sucks and so many of the ftp daemons are riddled with security holes. Set up an SSH server so you can do SCP (there's decent enough Windows GUIs for it), and it lets you authenticate securely via public-key encryption (remember to turn off password-based SSH access, that way you're not bruteforceable).
Oh, and if this is a linux server, install something like fail2ban
. It monitors log files for suspicious activity, and firewall-blocks IPs (temporarily or permanently) according to various rules - it's good stuff.
At any rate, on a server that's exposed to the internet, make sure it's NAT'ed to only let the specific ports you need through.