I recently ran into an issue where my application swf would no longer load its modules. All were hosted in a single bucket on amazon's s3 service.
It turned out that the issue was that the application was being loaded at https, while the modules are being loaded at http, causing the security domain error.
I think I have two options.
1) Is it possible to set the security permissions in a way that a swf loaded at https can load a module at http? If so, how?
As per option #1, neither Security.allowDomain nor Security.allowInsecureDomain worked, though it seems like it should have.
I ended up using option two, using Application.application.url in the main document. That gave me the swf's url, which I could then use to create a static variable that avoids the conflicting secure and non-secure loading problems.
I hope this helps someone else.