Mike Chambers has written a new white-paper at Macromedia on Flash MX Security. You can download it at http://download.macromedia.com/pub/flash/whitepapers/security.pdf. I've cut and paste the table of contents below:
Contents
Introduction to Macromedia Flash MX
What is Macromedia Flash MX?
Why is Macromedia Flash MX secure?
How does Macromedia Flash MX protect users’ privacy?
Macromedia Flash Player 6 sandbox
What is the Sandbox?
Domain-based authentication
How is the sandbox implemented?
Local file I/O access
Cross-movie communication
Flash-JavaScript communication
LiveConnect API
ActiveX Control API
Security of data transport
Data encryption with SSL
One-way data encryption within Macromedia Flash MX using md5
Security of data transfer from Macromedia Flash MX projectors
Security of data and algorithms within a Macromedia Flash MX movie
Security concerns of an open format technology
Best practices for securing data within a Macromedia Flash movie
Virus or trojan security concerns
Macromedia Flash playback through projectors
Macromedia Flash projectors as a carrier of viruses
Malicious files disguised as Macromedia Flash files
Macromedia Flash movies that contain malicious code
Macromedia Flash movies as e-mail attachments
Resources
Acknowledgments
It took a couple of hours to read all the documentation and install Movable Type onto my account. I've found it to be a wonderful piece of software thus far, because Movable Type solves two big problems: separating content management from content display, and providing an archivable, cross-platform content management system.