You can disable preemptive authentication as of eed65d7 with defaults write ch.sudo.cyberduck webdav.basic.preemptive false. Display unsecure connection alert if property is enabled and connection is not TLS.
I suppose the problem is that you have installed Cyberduck from the Mac App Store as well and there are user defaults for the sandboxed version of Cyberduck in ~/Library/Containers/ch.sudo.cyberduck/Data/Library/Preferences/ch.sudo.cyberduck. If this exists, the defaults command writes changes to this configuration only.
As a workaround you can remove the application data in ~/Library/Containers/ch.sudo.cyberduck. I have not found how to force defaults to write changes to application preferences in ~/Library/Preferences.