A downloaded SWF file is considered a "movie" and supposed to be safe. Right ?

But, when you click the SWF file, the standalone flash player comes out and execute fscommand.

There are examples in FlashKit,that using the horizontal tab chr(9) to replace the SPACE, parameters can be passed to the command string.

By this, malicious SWF can do nearly anything, including damages.

By this, I can write an SWF movie with fscommand in frame 2 to command standalone Flash player to delete your C: disk without asking for confirmation.

Is that terrible, or should we be "careful" not to download SWF file that we do not TRUST?