A solution might be to create data_is_moddata_trusted function in /mod/data/lib.php which returns "true" and enables inline loading of database data files, but this would cause inline loading of files from "file" field too, which is not acceptable as I think.
A workaround for this is to make data_is_moddata_trusted function to check what field type corresponds to the file being loaded. This can be done by adding a field name into the path to the file: for example, /moodledata/3/moddata/data/1/multimedia/5/19/somefile.swf instead of /moodledata/3/moddata/data/1/5/19/somefile.swf. data_is_moddata_trusted should then parse file.php arguments looking for the file type, check for "xxx_field_moddata_trusted" function in /field/xxx/field.class.php and return its result (which will be true) if it exists, ot "false" if not. So multimedia field will be trusted to inline loading of files, and file field will be not.
I've made such changes on our server, but I'm not sure if it's a good solution. I'm looking forward to hear any comments and suggestions, as multimedia field is already in contrib CVS