One of our servers had a database with quite a lot of ftp users using there username as there password. To get rid of that problem i did the following. Make sure to backup you databases first. Now find out how many users there are with userid=passwd.
This select will show you which users have a userid field equal to the passwd field not a good idea.
select * from ftpuser where userid=passwd;
This update statement will update all of these users and set a random MD5 string as there password.
update ftpuser set passwd=MD5(RAND()) where userid=passwd;
This will only work with clear text passwords.