A good question.
By default Moodle stores all course data in the moodledata directory which is not in the HTTP root, and uses a PHP proxy script to retrieve the data to serve to users. Normally, Flash Player checks URLs to make sure that they're either from the same domain, i.e. http://yourserver.com/, or that they're from a trusted server that has an XML cross-domain policy file on it.
Having a PHP proxy script circumvents these security measures and leaves your server and databases open to all kinds of horrific abuses and attacks by hackers. The advice should be more clear about this and it should provide links to the latest security information and updates from Adobe.com. At the moment, you have to go and find the information for yourself and know, specifically, where to look: http://www.adobe.com/devnet/flashplayer/security.html
If you have SWFs, <object> and <embed> tags and allow users to upload and embed SWFs, you're leaving your site security wide open!
I hope this answers your question.