Adobe released the new Flash 10 player about a month ago and it seems to have wreaked havoc at Salesforce.com. It looks like the main bug with the Flex Toolkit has been resolved but there are still a few lingering issues to be dealt with.
On 10/24 it looks like Salesforce.com applied an update that seems to have affected the crossdomain policy. We reported it on the message boards, Salesforce.com escalated it and fixed the issue that afternoon. About a week later I saw a vague post on the discussion boards about a month before Dreamforce but there seemed to be no activity on the thread.
At Dreamforce we were presenting some of our Flex solutions and were have connectivity issues using the Firefox so we switched to IE. I realized after the presentation that Firefox was using Flash 10 but IE was using Flash 9. The issue was that Flash 10 was throwing a "Security error accessing url" execption. Everything worked fine in Flash 9. I posted a message on the boards and forwarded the URL to our support rep to check into. That afternoon I attended the Flex session at Dreamforce and spoke with Dave (Flex Product Manager) and James Ward (author of the Flex Toolkit) and alerted them of the problem. They assured me that they had fixed the bug two weeks ago but I pressed the issue and forwarded them documentation after the session. Dave replied to me immediately that they had identified the problem and were working on a fix.
Note: You can hear our conversation at Dreamforce addressing this issue at about the 60 minute mark in this presentation.
I followed up with Dave on a daily basis and it took them about 2 weeks to fix the bug and apply the patches to their servers. I tested the fix and indeed our Flex apps ran on both Flash 9 and 10! However, the next day I realized another problem. The Flex apps only ran successfully if they were hosted on Salesforce.com's servers. We have a number of Flex apps that are hosted on our servers and they were still receiving the same security error, but this time in Flash 9 and 10. I sent Dave an email outlining the issues and he quickly called my mobile to work on the issue. I posted some test code on a number of server (internal, external, https, http) and we worked through the issues and developed a solution. Dave posted a detailed explanation of the problem and I supplied some sample code.
Overall this was a positive experience on how a large company can respond to technical issues in a timely manner.
