I've been working with some client side flash developers recently and we came across an unusual error that was being thrown in a Flex application when we were sending a webservice request to a Coldfusion server.
The error was "Security error accessing URL". I thought I'd overcome this a long time ago by using the cross-domain.xml file to allow server access to services.
It appears that there is a security issue with Flash 9 that requires the following line to be added to the CrossDomain.xml file:
I'm guessing that it is enabling access for SOAP requests to any remote services on that server.