Bruce Phillips [1] (You should check out his interesting Flex posts [2]) let me know that my Surfing Stats data didn't load when the swf was located off my http://www.nodans.com domain. I want others to take the code and do with it as they please so I need to make the data available across domains. This is done through the use of a crossdomain.xml file. The file I used looks like this:
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
This is a very promiscuous file. It allows a SWF served from anywhere to load any data in the containing directory and all of its subdirectories. Such a promiscuous file also opens up attack vectors. In the words of Lucas Adamski on DevNet: [3]
As an example, a user is logged in to an e-commerce site that uses cookies for authentication. On the site is a user account settings page where you can see information such as your mailing address and other personally identifiable information. If this site has an overly permissive cross-domain policy file like *, a SWF file that is hosted on another domain could silently load the account settings data and send it elsewhere. This is because the browser appends the cookies for the e-commerce site to the request from Flash Player.
By default, the SWF looks for the crossdomain.xml file in the root of the website, but with a little code you can put it anywhere you please. I used this command to tell the SWF where to find the crossdomain.xml file:
Security.loadPolicyFile("http://www.nodans.com/custom/surfingstats/crossdomain.xml");
Now, only the directory containing SurfingStats (and its subdirectories) is opened up, reducing the attack surface. Everything under that directory is still readable by a SWF from any domain, so only data meant to be public should live there. If you want to read more on the security issues with crossdomain.xml files, check out these links:
Poking new holes with Flash Crossdomain Policy Files [4]
Cross-domain policy file usage recommendations for Flash Player [5]
The Dangers of Cross-Domain Ajax with Flash [6]
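As an added example (not code from the original post), here is a small audit script that reads a crossdomain.xml and flags the kind of over-permissive rules discussed above: a bare domain="*", a leading-wildcard domain, and a rule that turns off the HTTPS-only requirement with secure="false". The two policy documents embedded in it are constructed samples, and www.example.com is a placeholder origin.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the promiscuous file shown in the post.
PERMISSIVE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>
"""

# Constructed sample: a restricted file that trusts a single named origin
# (www.example.com is a placeholder, not a real deployment).
RESTRICTED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="www.example.com" secure="true" />
</cross-domain-policy>
"""


def audit_policy(xml_text):
    """Return a list of (severity, message) findings for one crossdomain.xml.

    Only the <allow-access-from> rules are inspected: a wildcard domain,
    a subdomain wildcard, and secure="false" (which lets SWFs served over
    plain HTTP read data from an HTTPS site).
    """
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return [("error", "root element is not <cross-domain-policy>")]

    rules = root.findall("allow-access-from")
    if not rules:
        findings.append(("info", "no allow-access-from rules: no cross-domain access granted"))

    for rule in rules:
        domain = rule.get("domain", "")
        if domain == "*":
            findings.append(("high",
                             'domain="*" lets a SWF from any origin read data under this '
                             "directory, with the user's cookies attached to the request"))
        elif domain.startswith("*."):
            findings.append(("medium",
                             f'domain="{domain}" trusts every subdomain of {domain[2:]}'))
        else:
            findings.append(("info", f'domain="{domain}" is a single named origin'))

        # secure defaults to true for policy files served over HTTPS;
        # an explicit "false" weakens that.
        if rule.get("secure", "true").lower() == "false":
            findings.append(("medium",
                             f'secure="false" for {domain!r} lets HTTP-served SWFs read HTTPS data'))
    return findings


def is_overly_permissive(xml_text):
    """True when any rule grants access to every origin."""
    return any(sev == "high" for sev, _ in audit_policy(xml_text))


if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(f"{name}: overly permissive = {is_overly_permissive(text)}")
        for sev, msg in audit_policy(text):
            print(f"  [{sev}] {msg}")
```

Run it against a policy file fetched from your own site to see which directories it exposes; a "high" finding on a file that sits next to authenticated data is exactly the scenario the quoted DevNet example describes.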
Original content at Dan Wilson's Blog [7]
Links:
[1] http://brucephillips.name/blog/
[2] http://www.brucephillips.name/blog/index.cfm/FX
[3] http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html
[4] http://www.hardened-php.net/library/poking_new_holes_with_flash_crossdomain_policy_files.html
[5] http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html
[6] http://shiflett.org/blog/2006/sep/the-dangers-of-cross-domain-ajax-with-flash
[7] http://www.nodans.com/index.cfm/2008/1/4/Flash-Security-with-OffRoot-CrossDomainxml-files