I hope you are aware that SWF files are a wide-open XSS vector, and don't put anything important in cookies here? This file could just as easily steal everyone's cookies.

Actually, it seems that adding allowScriptAccess="never" to the embed tag closes this particular hole. You probably want to do that.

Fixed.

Now there's nothin here