Why is this an issue?
Calling Security.allowDomain("*") lets any domain cross-script into the domain of this SWF and exercise its functionality.
Noncompliant code example
Security.allowDomain("*");
Compliant solution
Security.allowDomain("www.myDomain.com");