if i got it right, permissions/authentication is our problem... right?
if we don't find/build a flash applet that will correctly use http authentication, then there's no way i know it could work,
except
1. trying to workaround http authentication by submitting user/pass as POST data. this would only work with HFS, as it's not standard, but it may be ok.
2. supporting cookie-based authentication on HFS, that will take a while.