How safe is it including FTP login information inside a PHP file?
What advantages does using FTPS provide? Does anyone know of any good articles/tutorials on FTPS?
Thanks!
physics
7:29 pm on Sep 15, 2006 (gmt 0)
It's not safe. Have you ever gone to a web site and been prompted to download the .php file from a site (this can happen when something gets misconfigured in your httpd.conf file, for example - in Apache anyway)? In that case they have all the code, including FTP info. Also, FTP itself is not safe since the password and data are not sent encrypted, so the password can be intercepted. scp is better - check out WinSCP, or on Linux type man scp. Also, you can set up keys on your local and remote servers so that no password is actually used to send files, just the keys. Then you can use, for example, rsync -ave ssh ... to transfer the files. For more info see: Backup web server to home computer [webmasterworld.com]
ladams02
8:07 pm on Sep 15, 2006 (gmt 0)
I am using WinSCP for my file uploads. But I am trying to configure a PHP script to let users upload image avatars. Using PHP's ftp_login function is failing, but it sounds like this isn't the way I want to go about this.
What is a more secure way to configure PHP to allow users to upload files? I've read FTPS is supported by PHP, but cannot find much useful information about it.
bcolflesh
8:17 pm on Sep 15, 2006 (gmt 0)
If your server supports SFTP, it would be a better choice - there's a good note about this on the fopen manpage - check out the "17-Apr-2005 09:41" entry in the comments.
Set up a specific user/pass combo to write to the avatar folder only.
barns101
12:01 pm on Sep 16, 2006 (gmt 0)
If you just need to upload avatars you could use move_uploaded_file() [php.net] instead of using FTP.
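
The approach suggested in the last reply, as an added example that is not part of the original thread: an avatar upload handler built on move_uploaded_file(), so no FTP credentials sit in the script at all. The directory path, the 'avatar' form field name, the 512 KiB limit and the fixed user id are assumptions made for illustration.

```php
<?php
// Added example: avatar upload without FTP, using move_uploaded_file().
// AVATAR_DIR, MAX_BYTES and the 'avatar' field name are assumptions.
const AVATAR_DIR = '/var/www/uploads/avatars'; // assumed; the only directory the web server user can write to
const MAX_BYTES  = 512 * 1024;

function store_avatar(array $file, int $userId): string
{
    // Reject failed or array-style (multi-file) uploads before touching the temp file.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }

    // Decide the type from the file contents, never from the client-supplied
    // name or Content-Type, so an uploaded .php script is not accepted as an image.
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an accepted image type');
    }

    // Server-chosen name and extension: the original filename never reaches
    // the filesystem, which rules out path traversal and executable extensions.
    $dest = sprintf('%s/%d.%s', AVATAR_DIR, $userId, $allowed[$mime]);

    // move_uploaded_file() only moves files that arrived via HTTP POST upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644); // readable by the web server, not executable
    return $dest;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['avatar'])) {
    $userId = 42; // constructed value; in practice taken from the authenticated session
    try {
        store_avatar($_FILES['avatar'], $userId);
        echo 'Avatar saved';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

The avatar directory should also be configured so the web server does not execute scripts from it.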