Topic: The Flash Sandbox.
I've read most of the posts about the Flash sandbox and think I understand most of it. And I can see why it is necessary.
As I understand it, a request from a widget running on my Chumby has the domain *.chumby.com. So if I want to access something from a different server, then at server needs to have a crossdomain.xml file which allows access from *.chumby.com. Which also means that any widget from any Chumby can access stuff.
I can see where Chumby is concerned about this, because they don't have 'control' over bandwidth, responsiveness, etc. So and unsuspecting user might have poor response, bad service, and it's not Chumby's fault.
From the perspective of a guy who has stuff on his server he would like to get at, I'm not too enthused about opening my server up to everybody.
I know that I can put some code into a specific application so only serve content based on some 'secret' code, but that's tough to do for packages, and it still doesn't prevent somebody from just trying different URLs to see what they get.
So, for the Chumby folks.. Is there some way you could set things up so that at least Private Widgets get a security domain of something like 'widget-id'.chumby.com?
That way, sites that want to allow any widgets access will still work with the *.chumby.com, but if I only want to serve to my chumby, or a few, I could create a more limited crossmain.xml file.