1

If I use a connector to pull files from an SFTP server and configure it to pull all files from the root folder after it logs in, but it actually pulls from the machine's root directory, is that really an SFTP server or just a server? Is that even secure?

Comments
  • 1
    What is "just" a server?

    As SFTP is just a subsystem of SSH (which would grant you file system access anyway) this is normal.
    There are certain configuration options if you want to lock certain users into their own folder (and restrict normal SSH for them).
  • 2
    I mean I can log in using my username and password and then see all hidden folders in my account, which is set to "/home/<username>". I can ssh into the machine using the same username and password and then traverse through all home directories, effectively being able to see the files that any other user has on that server.

    From my experience with SFTP machines before, I shouldn't be able to see who else is on the machine, and certainly not which files they are storing.

    I don't want this level of access so I haven't fully tested the extent of it but it seems like I can pull far too many system files.
  • 2
    @cmarshall10450
    Is it a shared system?
    With shell SSH access you need (read only) access to a lot of system files for executing basic commands.
    If I have to guess: You have normal user rights on that system. That's okay. There are filesystem permissions to prevent you from tampering with system files or reading other users' files.
  • 1
    It's a system managed by a company that holds their clients' data, so it is shared by a lot of people. I have access to the data of a client we both work with, but I'm trying to find out exactly what I have access to in case I have access to things I shouldn't have access to, or the inverse of somebody being able to access my client's data. If the latter is the case, I'd need to report that to my client.
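
An added example, not part of the thread: a check a server administrator could run on the filesystem permissions the comments refer to, listing home directories whose mode lets other accounts list or enter them. The default base `/home` follows the path quoted in the thread; the function names and the demo tree (alice, bob, carol) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit home-directory modes on a shared SSH/SFTP host.

# open_homes [BASE]
# Print every directory directly under BASE (default /home) whose mode
# grants something to "other" accounts:
#   -perm -004  world-readable: anyone can list the file names inside
#   -perm -001  world-searchable: anyone can reach files by known path
open_homes() {
    base=${1:-/home}
    find "$base" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -004 -o -perm -001 \) | sort
}

# demo
# Build a constructed tree in a temp dir and audit it, printing only the
# directory names that the audit flags.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/alice" "$t/bob" "$t/carol"
    chmod 700 "$t/alice"   # private: owner only
    chmod 755 "$t/bob"     # everyone can list and enter
    chmod 711 "$t/carol"   # everyone can enter, but not list
    open_homes "$t" | sed "s|^$t/||"
    rm -rf "$t"
}

# Constructed tree: flags bob and carol, leaves alice out.
demo
```

On a real host, run `open_homes` with no argument; a flagged directory can be closed with `chmod o-rwx` on it, provided nothing legitimately depends on other accounts reaching into it.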