Secure Anonymous FTP?


W3iRd0
02-04-2002, 01:26 PM
I think I got it..
I created a User in Netinfo:
-------------------------
expire 0
shell /dev/null
name ftp
passwd *
home /Users/ftp
_writers_picture ftp
change 0
uid 21
realname Anonymous FTP
gid -21
--------------------------
And a group:
-------------------------
password *
name ftpuser
gid 313
users <your privileged users, not ftp>
---------------------------
I found an unused gid by searching the Domain.
I created a User in System prefs for a friend of mine and edited him in Netinfo, gid 313 and so on, home /Users/ftp
In /Users/ftp I created pub and incoming:
drwx-wx-w- 3 addi ftpuser 58 Feb 4 18:08 incoming
drwxr-x--- 21 addi ftpuser 670 Feb 4 13:51 pub
My friend has access and Anonymous users can't do anything to my computer.
Do you see any security risks?

Edit: Just noticed the threadid... :D

mervTormel
02-04-2002, 02:34 PM
not sure, but...

might you want to set a sticky bit on ftp/incoming ?

without sticky bit, can't addi.ftpuser scan and delete a filename in ftp/incoming even if it doesn't belong to them?

edit: oh, and BTW, cool beans, let us know how this works out.

W3iRd0
02-04-2002, 02:43 PM
Highly unlikely, considering that I'm addi. :D

So far (been running for 2-3 days) everything's been great. Much easier to share this way than mounting public folders....

mervTormel
02-04-2002, 02:52 PM
okay, you're addi

but doesn't group -wx mean that user ftp.ftpuser has scan/delete access to files in ftp/incoming?

W3iRd0
02-04-2002, 03:15 PM
The users in the ftpuser group can write to the incoming dir, but they can't see anything in there except what they just uploaded, they can't even see what they have uploaded in previous sessions, it's a perfect dropbox.
Firmly tested.
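
The mode bits discussed in this thread, worked through as an added example that is not part of any post above: the Python below decodes `ls -l` directory mode strings such as the incoming and pub lines and reports what each permission class can do to directory entries. It assumes plain POSIX directory semantics with no ACLs and ignores any restrictions the FTP daemon itself applies; the function names are illustrative.

```python
def parse_mode(mode):
    """Split an `ls -l` directory mode string into per-class permission bits."""
    if len(mode) != 10 or mode[0] != "d":
        raise ValueError("expected a 10-character directory mode, e.g. drwx-wx-w-")
    classes = {}
    # The x slot may carry a special bit: s (setuid/setgid) or t (sticky).
    # Lowercase means "x plus special bit", uppercase means "special bit, no x".
    for name, start, special in (("user", 1, "s"), ("group", 4, "s"), ("other", 7, "t")):
        r, w, x = mode[start:start + 3]
        if r not in "r-" or w not in "w-" or x not in "x-" + special + special.upper():
            raise ValueError("bad permission characters for " + name)
        classes[name] = {"read": r == "r", "write": w == "w",
                         "search": x in ("x", special)}
    return classes, mode[9] in ("t", "T")


def capabilities(mode):
    """Report what each class can do to entries of a directory with this mode."""
    classes, sticky = parse_mode(mode)
    report = {}
    for name, p in classes.items():
        modify = p["write"] and p["search"]      # w alone is useless without x
        report[name] = {
            "list_names": p["read"],             # needs r
            "reach_known_name": p["search"],     # needs x
            "create": modify,
            # Sticky bit: only the file's owner, the directory's owner or root
            # may remove or rename an entry.
            "remove_others_entries": modify and (name == "user" or not sticky),
        }
    return report


if __name__ == "__main__":
    # Mode strings from the listing in the first post, plus a constructed
    # sticky variant of incoming for comparison.
    for label, mode in (("incoming", "drwx-wx-w-"), ("pub", "drwxr-x---"),
                        ("incoming+sticky (constructed)", "drwx-wx-wT")):
        print(label, mode)
        for cls, caps in capabilities(mode).items():
            print("   ", cls, [k for k, v in caps.items() if v])
```

Without read permission a class cannot list names, but write plus search still allows removing or renaming an entry whose name is already known; the sticky bit is what limits that to the entry's owner.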