A viable method would be to create a simple API. If you supply FTP credentials with your app, chances are it will be hacked.
If you create a simple HTTP API, you can assign a unique API key to every client, and if someone uses it for spam or whatever, you can just ban them without affecting the others. (See, you store valid API keys in a database, or whatever.)
Generally speaking, almost anything that doesn’t use a unique, per-client authentication can be abused, if you store FTP or SQL connection data in your app, you’re going to have a bad time.
solved Java: Highscore system [closed]