It sounds like to me since it's prompting you for a password, which I assume you're typing in your regular ftp password, that it must be logging in via ftp even though it's not giving you any indication of such. Yes, we do use SSH for shell access (SSH1 by the way - not SSH2 as I noticed you had selected in this software). But we don't use it for ftp, so I can't imagine how it would login using SSH in any way shape or form.
It sounds like to me that you should ask them what happens when using their product on a server that doesn't support secure or SSH ftp logins. Maybe you should ask them if it gives any indication or if it goes ahead and logs in securely somehow.
I know what you're saying, that since it's not giving you any indication that it's logging in through an insecure ftp mode that maybe it's not. But I have a feeling since I don't know of anyway you could ftp to our servers securely, that maybe that's a flaw in the software. Maybe it doesn't give any indication when logging in insecurely. Can you ask them about that?
It'd be nice to understand all this, and I'm learning slowly, but worst case is at least I "feel" more secure using WinSCP :)
Keith D Commiskey
My Background: https://kdcinfo.com