Since you know the SWFs are safe, you can load them with the URLLoader class as a ByteArray object and then use Loader.loadBytes() to inject them into the AIR app. To do this, you must pass a LoaderContext with allowLoadBytesCodeExecution=true.Note that older versions of Flex had difficulty with this technique, but I believe they have been resolved. I've asked the engineers for clarification on the Flex support issue, but in the meantime, here are some links that might help:
The Flex ModuleLoader loadModule() method also can take a ByteArray object.
this method works - even in AIR 2.0beta2.
I could swear I read somewhere that this 'workaround' stopped working in AIR 1.5.1, but I must have been mistaken.
This is amazing - thank you
Don't load the swf externally.
Download it into the AIR app installation directory and load it from there.
AIR trusts swfs which are delivered from there, but not ones delivered externally.
Adobe will say this is a bad idea, but it works.
On some OS's/configurations (Vista, for example), the app install directory is read-only. This is the main reason why it is a bad idea.
Yup, but it works for environments where you have lots of control...
Admin apps on call centre machines for example.
I do agree that the load bytes method is nicer, it just means you have to download the swf again next time. By writing it to the disk the load time is much quicker.
You can also download it to a directory that's guaranteed to be writable, such as the application storage directory, and then load it from disk on subsequent uses.
Last time I looked, AIR didn't trust any location on the file system (including app storage) other than it's own installation directory. If that's changed since 1.0, I can happily delete a bunch of code
That is still true. However, this topic is about loading modules that you're application trusts, whether or not AIR trusts them. To use the application storage directory, you would still need to use the loadBytes method to load the module, not the standard Flash or Flex method.
For extra security, you can sign and validate the downloaded modules, as described here: http://www.adobe.com/devnet/air/flex/quickstart/xml_signatures.html