crossdomain

I'm using Flex to build cross-domain widgets that can be embedded on any domain. These widgets consume data via Services and AMFPHP. Unfortunately, I've been notified that my site is now vulnerable to attacks because I have a liberal crossdomain.xml policy file that allows connections from any domain.