A Flash file uploaded to a site always runs in the context of that site. Flash ignores file extensions and content headers. Flash does not respect the same origin policy. Flash files can impersonate other file types. A bad guy can take a Flash program, append a .zip file, and give it a .zip file extension. Attackers can sneak Flash files into places where they shouldn't run, and malicious applications can easily manipulate the hosting of these files.
Source: http://securosis.com/blog/why-you-should-take-the-flash-origin-issues-seriously/
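
Because the extension and content headers cannot be trusted, an upload handler has to classify files by their bytes. The check below is an added example, not code from the quoted post: it flags any upload that begins with an SWF signature and measures data appended after the Flash content. The function names, the reject policy and the sample bytes are assumptions constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

SWF_SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}

def inspect_upload(data: bytes, filename: str) -> dict:
    """Classify an upload by its bytes, ignoring its name and declared type."""
    report = {"filename": filename, "is_swf": False, "trailing_bytes": 0,
              "also_zip": False, "reject": False}
    try:  # ZipFile locates the archive from the end, so prepended data is tolerated
        with zipfile.ZipFile(io.BytesIO(data)):
            report["also_zip"] = True
    except zipfile.BadZipFile:
        pass
    sig = data[:3]
    if len(data) < 8 or sig not in SWF_SIGNATURES:
        return report
    # SWF header: 3-byte signature, 1-byte version, 4-byte little-endian length
    version, declared_len = struct.unpack("<BI", data[3:8])
    report.update(is_swf=True, compression=SWF_SIGNATURES[sig], version=version)
    if sig == b"FWS":  # declared length covers the whole uncompressed file
        report["trailing_bytes"] = max(0, len(data) - declared_len)
    elif sig == b"CWS":  # bytes left after the zlib stream ends were appended
        inflater = zlib.decompressobj()
        try:
            inflater.decompress(data[8:])
            report["trailing_bytes"] = len(inflater.unused_data)
        except zlib.error:
            pass
    # Assumed policy: this upload endpoint never accepts Flash content
    report["reject"] = True
    return report

def build_samples() -> dict:
    """Constructed inputs: filler SWF bodies (not playable movies) plus a small zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    zip_bytes = buf.getvalue()
    body = b"\x00" * 16
    fws = b"FWS" + struct.pack("<BI", 9, 8 + len(body)) + body
    cws = b"CWS" + struct.pack("<BI", 9, 8 + len(body)) + zlib.compress(body)
    return {"zip": zip_bytes, "fws_zip": fws + zip_bytes, "cws_zip": cws + zip_bytes}

if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(inspect_upload(blob, name + ".zip"))
```

A file that reports both `is_swf` and `also_zip` is the polyglot the quote describes: a zip tool opens it as an archive while its leading bytes are still a Flash header.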

