I would extend my previous post.
Usually people use php script or other programming language to load an API key into the swf application This makes it safe. They protect the script by returning API key only if a POST variable from swf application matches to a random variable in server side. {I am not clear on the script protection though}

Swf code is shipped to client side and if API key on