We have a little in-house LMS with courses built in Flash. Scores are updated and retrieved with POSTs to PHP scripts which query a MySQL database. All the course content and quiz questions are in xml files. Those XML files are easily accessible from a user's Temporary Internet Files (sort of SCORM style, for those familiar with it) and while you'd have to be pretty desperate to cheat at something like a Fire Safety test, it's still a vulnerability we'd like to solve.
I intend to move the quiz data (and eventually, the course content) into a MySQL database, then probably build the XML in PHP and echo that to the Flash course (as we've been doing to update and retrieve assessment scores). I think I could limit how and when the xml is displayed by passing hashes and shared secrets and whatnot between the PHP page and Flash, but this only limits outside access, and anyone viewing the course legitimately will still see the XML passed around (I think..).
Surely I'm not reinventing fire here. Is there a method or a technology in existence that allows the safe, discrete passage of xml into Flash?
Edit: Ideally, I'd probably want to pass the questions and possible answers from MySQL to Flash, then pass the chosen answer back and do the marking server-side.. but time is money, and I'm looking for an answer that will require as little rebuilding of the flash framework as possible.