One easy option is to create a hash of the XML data as a string and then hard code that hash in the SWF (a hash is quite small). When you load the XML, you hash it again and compare the hard-coded SWF hash with the newly generated hash. If they don't match, you know the user tampered with the XML. This sounds harder then it is. Probably less then 20 lines of code at the most. It also works even if the game is being run locally or from the web as it's deployment agnostic. I can provide more details if you are interested.
Does that mean you would have to edit each levels hash every time you edit a level. I guess you could add the hash at release time. Do you have an example of the hash being used in this such case?