I like this host a lot, and the lack of secure file transfer is the only thing stopping me from committing to them for a new e-commerce site. I've seen a few recommendations for WebDav, but that would still involve at least one change on the host, namely enabling the mod_dav Apache module. I tried looking for open source PHP FTPS servers but had no luck. Any ideas?
You can try simple CGI/PHP form uploads via HTTPS.
Or, if the host machine has the software, you could try using PHP to decrypt files that you upload encrypted. Note, you may not have access to GPG/PGP, but most Unix platforms have "crypt" (not the strongest crypto, mind you, but in a pinch...) and most likely will have openssl which can be used to encrypt/decrypt.
Worst case (no access to local executables or a non-Unix platform) I'm sure there is ready-made PHP code for encrypting and decrypting local files. On Stack Overflow, the mcrypt module was suggested. Sure, it's a lot of extra work, but it's an option.
Where there's a will (or a whip), there's a way.
Is this for uploading files to the server? Do they provide SSH? If they do, you could transfer things over SFTP.