It's actually quite secure, just a folder where a job picks up a file for processing... It doesn't have access to the ACH or banking network. The transaction still needs approval, which will come from another method, usually with strong encryption.
The author probably had it this way because they did want to spend the money for a 3rd party integrator which would process the transaction via a web service.
Hey I can't believe EDI is still alive but it is....
So the third party integrator which processed the transaction as a web service... would then turn around and drop files on an FTP server at a bank, to _actually_ make the ACH happen?
I think maybe OP is essentially a third party integrator?
No... 3rd parties like Cybersource act just like banks from the perspective of the network and can initiate transactions. They pay big money to the financial institutions for this level of access... But from a dev perspective they provide a de facto standard for transactions across many institutions and networks.
...not to count all of EDI's bastard children that are 'easier' [generally by taking out some/most of EDI's redeeming qualities]. shudders I had to implement one of those in 2014. :|