Reference: Configure Services Dialog
This field enables callback security for your Beyond FTP site. When enabled, every call received from a remote Beyond FTP server is verified, dropped, and replaced with a call from your server to the remote server. It assumes that every server that contacts you can be called by you. The advantage is that only those Beyond FTP servers listed in your local Address Book are allowed to connect to your Beyond FTP site. A remote server must not only have the correct name, it must reside at the correct location. The drawback is that both servers must have permanent TCP/IP addresses.
Since Beyond FTP is constructed around messages that are not plain text to begin with, and since these messages are encrypted, the chances of a successful hack are extremely small. Enabling callback security simply decreases this already small probability.