I am getting flash-base security errors when attempting to load a chromeless YouTube swf…

Warning: Domain www.youtube.com does not explicitly specify a meta-policy, but Content-Type of policy file http://www.youtube.com/crossdomain.xml is 'text/x-cross-domain-policy'.  Applying meta-policy 'by-content-type'.

Error: Request for resource at http://www.youtube.com/apiplayer?version=3 by requestor from http://... is denied due to lack of policy file permissions.

*** Security Sandbox Violation ***
Connection to http://www.youtube.com/apiplayer?version=3 halted - not permitted from http://...

I’ve attempted all relevant variations of Security.loadPolicyFile and Security.allowDomain, but I continue to get these errors.

If I ignore these trace errors (I get no callback errors from the Loader) and attempt to use the player (via loader.content during the Loader’s Event.INIT), then any attempts to access the YouTube APIs causes a crash.

If I look at my player (Object) variable in a debugger, I see that it is actually a com.goggle.youtube.application::SwfProxy which is derived from Sprite. Outside of the standard Sprite vars and functions, it contains enableJsApi = false, loader = null, and player = “http://s.ytimg.com/yt/swfbin/apiplayer3-vfljSpMoI.swf”

But attempts to call functions such as player.setSize or player.loadVideoByUrl will cause a crash such as…

Exception thrown (TypeError: Error #1006: setSize is not a function.

Please advise.