If you’re doing work for a client and they just have a site on basic shared hosting and no access to SSH, do you just go ahead and use basic unencrypted FTP to upload files? Do we have any liability if their info is compromised? Not very likely I know, but I was just wondering if anyone has any thoughts on this.
The safest thing to do would be to advise them in advance of the possible risks. That way they get to make the decision beforehand as to whether they want to upgrade their account so as to provide the extra security or whether they are prepared to take the risk.Put it in writing that if they decide not to upgrade the account that you accept no responsibility if their info is compromised as a result.
That way you are covered if something does happen as you can show that you advised them of the risks in advance and they made the decision to take the risk.