No, there is no way to actually hide the requests made. That is impossible, not only can firebug or Live HTTP Headers intercept it if it is run in a web browser, I can load up Wireshark and find all incoming and outgoing traffic and analyse it. What you need is a method of encryption or offuscation. For example, take their score, base64_encode() it, then take the current time, reverse it (and maybe add a key to the end of it), and then take the MD5 of that. Submit all three pieces of info to the server, if the time is more than 5 seconds old, they could have edited the request and sent a false one. Check the validity of the time by reversing it (and then adding the key to it if you used one) and taking the MD5 and make sure they match. Of course, you can run some complex encryption algorithm, but that is pointless in the end:

There IS no foolproof way to combat this. I used to work in the reverse engineering field. I can tell you that I can edit any value in any flash game. Therefore, while the submission of the score may be somewhat secure, I can decompile your game and look at the code, and see what you did to offuscate the score submission. Or, even easier, I can just edit the value that holds the score in probably under 60 seconds. Adobe Flash Player stores variables in memory, and that is where the weakness is, I can edit those variables and values in memory easily.

And if you are trying to take on the challenge of preventing reverse engineering, I say you just stop at the offuscation and hope no one like me is playing your game. Many many attempts have been done to prevent reverse engineering, and let me just say this: offuscation and “security” only keeps the honest guys out. This is true for both the real world as well as programming. Someone that truely wants to exploit a system and has the skills to do so, it is easy. It only keeps casual hackers and cheaters from cheating. The balance between security and methods to circumvent it is ever close to equilibrium.