Right...
first I'll tell you about the interactive menu,
since you want it done in flash, you will just be embedding the same menu in each page, so this isn't really a problem, however, if you later found that you'd rather have a html/javascript menu, then you should look up the include function in php...
http://uk2.php.net/manual/en/function.include.php
that way you can just include a menu from one file, and any changes you make to this master file will be reflected across your whole site.
Next FTP
FTP is file transfer protocol, SFTP is Secure File Transfer Protocol, they both offer the same thing, the only difference in that with sftp it'll usually work with some encryption,
but that doesn't make it any more or less hard for a would be hacker to guess your password or brute force the password with hundreds of guesses.
SSH gives you console access, but I don't know if your host offers this.
Now SSL
SSL is secure Socket Layer and refers specifically to encrypting data too and from a server, you can generate your own certificates, (google for openSSL) but these will give your clients an error message about the secure certificate and that won't inspire confidence in your store.
SSL only encrypts data to and from the server nothing else, it's used for sending credit card data and usernames passwords etc simply because it's very secure, it's not a credit gateway or anything like that.
depending on how many transactions you think you'll be processing you may want to consider what I suggested before though, a company like world pay lets people pay with their cards online and does it all securely and hassle free as far as you are concerned.
if you take credit cxard details you then have to take those details to the bank, banks will usually charge you for credit card processing able accounts, this is something you'll have to find out at the bank though.
as I said before though, simply because of the leagal implications around security (i.e transfer security SSL certificates server security backups etc) it might be fore the best to just let someone else deal with that...
also if you head over to verisign where you can buy certificates, you'll see that for one year you have to pay ~$1000 for an SSL certificate, (and you'll be paying that each and every year).