Apollo Security Sandbox

The documentation released along with the Apollo downloads is tremendous. Brushing through on a basic level, I’ve found the following item of interest:

“SWF files installed with Apollo applications do not need to look for cross-domain policy files. Capabilities that normally require another SWF file to grant access by calling the Security.allowDomain() method are not restricted to SWF files installed in Apollo applications.”

This sounds very good. I’ve always found Flash Player security a bit restrictive. No other platform that I’m aware of has such tight rules about reading cross-domain data.

It is also stated that:

“All other resources—those that are not installed with the Apollo application—are put in the same security sandboxes as they would be placed in if they were running in Flash Player in a web browser. Remote resources are put in sandboxes according to their source domains, and local resources are put in the local-with-networking, local-with-filesystem, or local-trusted sandbox.”

So I guess I am pretty confused at this point… these statements seem to be in conflict with one another. I’ll have to build some sample apps to sort this out for myself.

EDIT: After toying around with Apollo and reading further into the documentation, my perception is that Flash content built with Apollo has a certain set of security features, while SWF files loaded into an Apollo application have a similar but different set of features.