Yes, it is right.
In the ASP environment, the FTP/SSL library runs on the web server (ASP hosting server) and the ASP application connects to the FTP server from there.
The FTP/SSL library cannot affect security used for communication between the web server and the web client. However, you can set up it simply by requiring the HTTPS protocol on the web server.
To clarify, I can extend your schema:
MACHINE: | Web client | Web server |
| | = FTP/SSL client | FTP server
----------|--------------------|--------------------------------|------------------------
SOFTWARE: | web browser >>> HTTP >>> ASP application >>> FTP/SSL >>> FTP server
| | using FTP/SSL library | application