The biggest challenge for you would be to secure your data. You can use cryptography to ensure that data being passed to the server is sure. One of the AS3 APIs for cryptography can be found at http://code.google.com/p/as3crypto/.
I think AMF is betterbecause it is faster 10 times than alternatives...
Action Message Format (AMF), which developed by Adobe and is open to the public, is another RPC format that is gaining momentum among RIA developers. Although AMF is mostly used by Flash and Flex developers there are implementations of this protocol in PHP, Java, and even .NET.
JSON and AMF seem to be far more efficient than XML over HTTP but they also depend on the existence of libraries designed to encode and decode the content. XML on the other hand is supported by all modern languages as XML parsers are included in the base libraries of most RIA platforms (e.g. Flex, Ajax, Silverlight, Curl, Java). In addition, XML is simply easier to understand when looking at an arbitrary web interface.
So there appears to be good uses cases for two categories of RPC protocols in RIA applications: XML for public APIs and Compact Protocols (e.g. JSON and AMF) for private communications.
In the case of public APIs, if you are going to publish a Web API that can be used by any application (e.g. Amazon Web Services, Google Code) than you want provide XML interfaces at the very least. You can also provide JSON and AMF, but XML must be present or adoption won't happen.
In the case of private APIs - those web APIs used by a single RIA application or within the enterprise - you can choose between XML, AMF, JSON or something else. If it’s your application and your not attempting to support public consumption use what ever makes sense to you. In the case of private APIs the use of compact protocols such as JSON and AMF makes a lot of sense. They tend to be much faster in both message size and parsing than XML and provide a significant difference in over all application performance.
AMF is better in many ways. However, one issue with AMF is that it does not uses HTTP protocol. Now anyone can understand what that means. HTTP is an open protocol and supported by everyone. AMF is a proprietry protocol and closed. Using AMF will also have issues regarding firewall settings.