Out of curiosity I did a little more digging into Foscam on Google. Searching for "Foscam issues" I ran across this...
https://www.tomsguide.com/us/foscam-camera-flaws,news-25254.html ... and this...
https://krebsonsecurity.com/2016/02/this-is-why-people-fear-the-internet-of-things/#more-33881... both of which are a few years old, so maybe they have fixed the security issues, and maybe not, based on their response in the Tom's Guide story.
The first article covers issues that would make it easy to hack into the camera if it were connected directly to the Internet instead of being behind a wireless router or firewall. In general, it is a very bad idea to connect any IoT (Internet of Things) device directly to the Internet. Examples of IoT would be video doorbells, security cameras, Alexa, baby monitors, Nest or Ring devices to name a few.
The second article covers a function added to the cameras that cause them to "phone home" which can be exploited to take control of large numbers of them, even if they are behind a router or firewall.
The overall issue is that security has been an afterthought with these devices, especially if the software was designed by Chinese companies. No device connected to the Internet should have a secret login account or one that cannot be disabled or have the password changed (i.e. hard coded credentials).
These sorts of issues in such devices that were directly connected to the Internet were exploited a couple years ago (Miriai botnet) for non-nefarious purposes but nonetheless took down large portions of the Internet on the eastern side of the US in a stunning example of the Law of Unintended Consequences.
All of that said, I am still going to try a couple of their cameras but they will be behind a wireless router, which prevents anyone from logging into them with the secret account, if it still exists, from the Internet. This will not prevent the camera from phoning home but I will be doing a network traffic capture to see if it is, and if it is I will block that traffic in the router to only allow FTP.
If anyone is interested in knowing more about IoT security, let me know and I will more fully address it in a separate post.