I'd partition the network, here. I'd keep internal files separate from what can be reached externally, as you're almost certainly going to be using the utterly and wildly and massively insecure ftp with the folks submitting files, which means your server is one sniffed or spoofed Wi-Fi connection away from being filled with all sorts of dreck. If it gets breached — it's exposed to the net and mistakes can and do happen, after all — network partitioning means the attackers have a tougher time getting further into your network.
As for a different approach, you could have the folks store the files elsewhere, and then pull the files into your network. This avoids exposing your server, and means that passwords and configurations and software isn't quite as critical as with an exposed server.
As for the duplicate entries, disconnect or disable the secondary LAN ports on the Xserve, or set up a parallel LAN and separate subnets for the two connections, or get a switch that supports link aggregation. Link aggregation does mean you lose the LOM access, however.