Cross-site requests in Flash require an explicit opt-in from the server, using crossdomain.xml. This means that the target site has to allow these requests in a file called cross domain.xml. That file not only needs to be there, it also needs to identify which foreign. domains are allowed to do cross-site. requests (which is ‘*’, a wildcard, in most public web sites so far, like Yahoo, Amazon. etc.) Flickr has since isolated their API to a separate domain.”]
Source: https://shiflett.org/blog/2006/the-dangers-of-cross-domain-ajax-with-flash