Put an "if" condition on frame 1. If the domain is yours, then play().
if it ain't, stop() and show some kind of nasty message like "Hey - don't steal my SWFs!"

You can experiment with the following methods:

1) use the _url property in flash to make sure the SWF is indeed being run from your own domain

2) check the "referer" to the page, that will tell you from whence the form was submitted.

3) put a hash in the form which is impossible to forge.

Take the MD5() of an autoincrementing integer and a secret word. for instance, my secret word is "salt" and the first 6 keys will look like this:

MD5(0."salt")="46a453945433ce452b30565cba88adb6
MD5(1."salt")="a3d296261dbda886e8685e4bad338bf4
MD5(2."salt")="786cf641763e30aedb36c356b641b1b4
MD5(3."salt")="952b1cc43e5874d2fa170decfa26f263
MD5(4."salt")="636ca80bbfe820088b7fb92b6f3964eb
MD5(5."salt")="b23df24b8a5b992eda4ecbe41af5a67f

So, that hash and the number go in your form as a hidden <input> element.

Then inside your SWF, take the number, add it to the "salt" and see if the MD5 matches.

MD5 for Actionscript [flashexperiments.insh-allah.com]

That method will protect you against the most obvious hacking methods. One problem remains: with SWF decompilers [buraks.com] someone can open your SWF and see the "salt".

That's a dilemma to address another day. it's almost the weekend.

Good luck,
httpwebwitch