If your main concern is protecting data stored on the server from malicious users, the username/password strategy is probably a good one (and you wouldn't need to implement in using Flash at all -- you could do the same thing in HTML/JS.). What you need to do is:
- Set up your web server so that the user has to be authenticated with the web server in order to get any data or perform any of the calls (from ajax or anywhere else).
- When your app first starts or at some point, have a login form where the user enters their username/password for your serve. When you make the ajax calls to the server pass the username/password along (or use a session cookie, or some other similar technique for maintaining authentication).
That way, even if an attacker knows the url of your server calls, they can't actually use them unless they have an account with you.
From a practical standpoint, you should protect your server by requiring authentication in any case. Otherwise your only security defense is the fact that an attacker doesn't know your exact url. But there are ways to learn urls (for example, by monitoring network traffic) that make it so it isn't too hard for someone to discover the urls even without your app's source code.
This probably needs to go under New Feature Requests, but I have no idea where I would do that (anybody know), but here is my thoughts on this anyway...
When an AIR package is compliled, it could (somehow) include all the html and js encoded into the .exe file. It would then (somehow) be able to access all that html and js from within the .exe and would therefore not need source files.
You could then add a new option to ADT like -includesource or -nosource which would let you decide whether to include it or not.
Just my thoughts. Thanks
DRM solutions (which is what you are asking for) are difficult and expensive to maintain. Any solution would ultimately be hacked and would have to be patched. I doubt that Adobe would offer this service for free because of the maintenance expense. There are companies selling obfuscation and other such tools. How well they work is up to you to determine.