How safe is running an FTP server (not SFTP) in this specific configuration?

This is for a single, collocated server living in a data center. The server is directly connected to the Internet.

The firewall allows web and email services through, but nothing else. So everything else, including filesharing, including SSH, must go over the VPN. The VPN is running on the server, so I guess the firewall allows 3 services through.

I often use macos or windows native filesharing to move files around when needed. But it occurred to me that, for one thing, the data is probably being double-encrypted due to the VPN. But also, if I just ran an old school, fully unencrypted FTP server on this machine, and kept it's port(s) blocked so you could only access them by connecting to the VPN first, is that safe? And probably set up access rules on the FTP too so only IPs on the VPN subnet can connect.

Is there any risk this FTP server would expose me to? I would think that even other machines on the same subnet at the data center wouldn't be able to see any data, so at first glance it seems like it would be super safe. And should give me faster, simpler file transfers.

If you blocked the ports on the network side and whitelisted access rules on the ftp server I don't see any harm in setting it up that way.
It still seems crazy that Windows doesn't have native sftp functionality built into their file explorer.

I'm actually on Macs, and we have FTP read only, no write native in the Finder. But the code editor I use (BBEdit) actually has an FTP client built in. Plus I probably wouldn't be using this for day to day stuff, just special larger transfers like office backups I do every few months.

I'd set it up and then do some file transfer tests to see if it even makes a difference.

If the firewall is blocking all ports anyways, you shouldn't even have to mess with the ftp server itself.