Well As far as I know, flash does not have and MD5 capabilities, thats a PHP thing. I suppose you could take the key into flash, send that key via load vars to another PHP page that encrypts it and returns it to flash and then use the encrypted key to call the image. So even if they decompiled the SWF, the encrypted value itself would not be in the code.