Deployments

I have a deployment application for my team internally. It first connects to a user's repository and deploys over FTP. For e.g. if I have a repository at Bitbucket, I will connect it with this application, the application then adds a deploy key to a Bitbucket repo (using Bitbucket's api) and then clones it. Coming to my question, does cloning the repo using exec() command secure enough ? If not what is the best possible way ? How does services like Forge, Envoyer, DeployHQ, FTPloy, Deploybot achieve this ?