Re: TFTP is better
I suspect that an installation that does not have a chrooted TFTP server probably has bigger problems.
Not to mention that having an intruder on my LAN is probably of higher priority than protecting against someone who wants to _read_ a copy of the firmware for bespoke lab instruments.