When you embed a SWF, the HTTP request includes lots of headers which include the cookies for the domain that your SWF belongs to, the referrer (should be the url of the page that the SWF is embedded in), the user-agent, etc. Is this exposed anywhere, like mx.core.Application, etc. ?
Is it not exposed because of security? Is there somewhere to affect this through security policy? It actually seems like if it is NOT included it would cause more security problems than it would solve. A lot of sites use cookies for authentication for example, and if cookies aren't there then a different (maybe less secure) method must be used to propagate security.