Using ssl encrypts the response over the wire, but it's still being decrypted on the client side, so an https sniffer employed by the client can still read the data that the server's sending.

Can you give an example of a type of data you want to send into Flash that you need the user to have absolutely no access to? There's usually a way to structure your server-side to get around sending sensitive data to the browser, so that whatever processing needs the secure data is done on the server, and the rest of the processing on that result is left to the client...