No need to make it an open server. For applications that require a limited number of resources, you can implement a whitelist--only allow connections to certain IPs or addresses. Inspect the connections if you have to. For everything else? Make the user run it locally, have your runtime try to connect to a local instance before connecting to a remote instance.
Alternatively, figure out a way to ship remote dependencies alongside the swf file, and define a patch format that allows replacing network requests.
All of this is more work to do, but all of it is also workable solutions.
Alternatively, figure out a way to ship remote dependencies alongside the swf file, and define a patch format that allows replacing network requests.
All of this is more work to do, but all of it is also workable solutions.