Very secure, but hard to configure for virtual users and chroot.
Here i have crack it down one day for my client.

| /etc/vsftpd/vsftpd.conf

anonymous_enable=NO
local_enable=YES
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
pam_service_name=ftp
chroot_local_user=YES
guest_enable=NO
guest_username=www
listen=YES
pasv_min_port=30000
pasv_max_port=30999
user_config_dir=/etc/vsftpd/vsftpd_user_conf
userlist_enable=YES
userlist_file=/etc/vsftpd/denied_users

| /etc/pam.d/ftp

auth    required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login