
The short of this article is that allowing Flash applications in Facebook/MySpace raises security issues similar to those we see with running “AJAX” in browsers.
The long of the article is that an application is allowed to execute code within the Flash environment. Normally, this behavior is confined to the local Flash environment, so the threat is limited. However, it has recently been discovered that there are ways to reach outside of the environment and access other domains. Aside from the obvious risk, there is the side effect that any attacks executed this way would appear to be perpetrated by the victim’s account rather than by the attacker. MySpace and Facebook appear to be acting quickly to resolve the issue.
This once again raises the security versus productivity debate. You can prevent access to these sites and thereby sidestep the security risks. However, locking the sites down may result in losing talented individuals to other companies that do allow access to these sites. The only right answer is the one your organization comes to after an appropriate risk assessment.