Documentation says, "Use allowscriptaccess to let your Flash
application communicate with the HTML page hosting it. This is
required because fscommand() and getURL() operations can cause
different from the permissions of your Flash application. This has
important implications for cross-domain security.
allowscriptaccess="samedomain" permits scripting operations only if
the Flash application is from the same domain as the HTML page."
Question is what is a "domain" for locally launched
applications that run in the local-with-file-system sandbox ? If
the SWF and its containing html file are in the same folder are
they deemed to be in the same "domain". If they're in different
folders are they deemed to be in different "domains".
The "samedomain" has more to do with the idea that someone
can't hijack your page by sending someone to a url that is totally
unrelated. For example, if adobe.com wanted to put something up,
they would be saying that as long as the file is on their servers
then it can be retrieved and posted. This helps to eleviate
rerouting by third parties.
The domain can be as specific as a domain name, such as
Adobe.com and a server that it is connected to. But for
actionscript, I don't think it is THAT specific. What it does, is
keeps the website local to the company.