What level of control do you have over groups and users? In most shared hosting setups, you will have only one user and one group available to you. That user will also be the user under which the webserver runs and the FTP access is created. In this case you could not disallow access via FTP and yet allow it to the webserver.
If you DO have greater control, proceed down this route:
Let's say the webserver runs as user "rjm", group "rjm".
Create a new FTP user for your designer, user "designer", group "designer".
Set ownership on all web files/folders to user "rjm", group "designer" except the secret folder - set that to rjm/rjm. Give group "designer" R/W access to all other files and folders.
Ensure secret folder only has R/W access for rjm/rjm - not for anyone else.
There may be other ways of solving this problem incidentally, if you're willing to say what kind of secret data these PHP files contain/reference.
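The ownership and permission steps described above, as an added shell example that is not part of the original answer. The "rjm" and "designer" names come from the answer; the function names, the paths passed to them, and the choice to leave "other" bits outside the secret folder untouched are assumptions.

```shell
#!/bin/sh
# Added example. Names follow the answer: web server user/group "rjm",
# FTP user/group "designer". The paths passed to the functions are hypothetical.
WEB_USER="${WEB_USER:-rjm}"
FTP_GROUP="${FTP_GROUP:-designer}"

# True only when run as root and both accounts exist (same-named groups assumed).
can_chown() {
    [ "$(id -u)" -eq 0 ] && id "$WEB_USER" >/dev/null 2>&1 &&
        id "$FTP_GROUP" >/dev/null 2>&1
}

# apply_layout WEBROOT SECRET_DIR   (SECRET_DIR must be a path under WEBROOT)
apply_layout() {
    webroot=$1; secret=$2
    if can_chown; then
        chown -R "$WEB_USER:$FTP_GROUP" "$webroot"
        chown -R "$WEB_USER:$WEB_USER" "$secret"
    fi
    # Outside the secret folder: make sure owner and group can read and write.
    find "$webroot" -path "$secret" -prune -o ! -type l -exec chmod ug+rwX {} +
    # Secret folder: owner and group rjm only, nothing for anyone else.
    chmod -R ug=rwX,o= "$secret"
}

# audit_layout WEBROOT SECRET_DIR: prints offending paths, returns 1 if any.
audit_layout() {
    webroot=$1; secret=$2
    bad=$(
        # Secret entries with any permission bit set for "other".
        find "$secret" \( -perm -004 -o -perm -002 -o -perm -001 \)
        # Entries outside the secret folder the FTP group cannot read and write.
        find "$webroot" -path "$secret" -prune -o ! -type l ! -perm -060 -print
        if can_chown; then
            # Secret entries not owned rjm/rjm (designer's group must not own them).
            find "$secret" ! \( -user "$WEB_USER" -group "$WEB_USER" \)
        fi
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Without root or without the two accounts, the ownership steps are skipped and only the mode bits are set and checked. Re-running `audit_layout` after each designer upload catches files that land in the secret folder with looser modes.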