ISA in SBS - yes, it's secure
If your small businesses are like mine, then they need to upload and download FTP files on a regular basis. Manufacturing and the Auto Industry is king in my area and they are FTP.
ISA 2004 contains an application filter for FTP. It monitors and make sure that the stuff coming through your FTP port are actually FTP communications and not a bad guy trying to push something into your network on port 21. A pin hole router wouldn't care what the data coming through port 21 is but ISA does. On the flip side there is also an FTP Filter that gives you control over who can upload and who can download files using the FTP protocol.
By default the FTP outbound rule is present but disabled. Enabling this rule will give all of your users the ability to send files out using FTP. If you don't want everyone to have FTP out permissions, then open the properties for that rule, go to the users tab, remove the all users group and add your individual or group that you want. However, this rule only applies for web proxy clients, not for firewall clients.
If you would like to offer Firewall Clients the same features then you'll need to edit the SBS Internet Users rule and uncheck the Read Only box under FTP Filtering.