Dunno all the whys and wherefores of not allowing remote FTP access to the system, but if you put a web server on the remote system and write a secure CGI, you can easily provide listings and downloads, perhaps by only allowing HTTP access from the machine that's currently serving up CGI (i.e. the one through which the users will access the site); even that's not necessary if you just give the web server access to the directories containing the files and let it list the files in the directories (this is very easy to do with Apache, for example).
Keeping it short and sweet, why not let HTTP be your remote file access protocol =)
If not P, what? Q maybe?