Calling Security.allowDomain("*") lets any domain cross-script into the domain of this SWF and exercise its functionality.

Noncompliant Code Example

Security.allowDomain("*");

Compliant Solution

Security.allowDomain("www.myDomain.com");