Having built/architected/developed/consulted many Adobe Flex applications and being one of the first certified Flex instructors in the world, I’ve seen a lot of Flex applications. Some good, some bad.
But no matter how many applications or who I’m talking to, I always stress the importance of securing proprietary information. By securing, I mean don’t put it in your application. Unless your are encrypting your application and decrypting at runtime, you are subject to a decompiler exposing your secrets.
There are Flash decompilers that will take any SWF and give you the source:
Trillix Flash Decompiler is one of the best commercial tools I’ve found.
I’ve even seen guys decompile, make changes and then recompile a Flex app. This is scary! Say goodbye to licensing software in Flash.
But HP just released a tool that has caught my eye as well. (Note: I have not tested this tool) It claims to decompile and test for security weaknesses. It’s called SWFScan and it’s a free Windows based tool from HP.
If security in a Flex or Flash based application is a concern for you, you must look at these tools. If security is not your concern, look anyway.