Writing about secure passwords in Buzzword got me thinking about the state of security and user trust in Flash (and Flex)-based Rich Internet Applications in general. After giving it some thought, I concluded that we have a little more work to do if users are to be expected to have the same sort of trust in Flash-based RIAs as they do for JavaScript and HTML-based applications and web sites.

The key security issue I see with Flash applications, especially those that deal with sensitive information, is that the user has no way of knowing whether or not the application is communicating their sensitive data over a secure connection.

(more...)