Adobe Flash Player 184.108.40.206 onwards allows setting Authorization HTTP header06 Jan 2009
There were some issues with some earlier version of players, where it was not possible to set Authorization http-header for HTTP/GET requests. I tried to hack a way to do it using Socket or custom http-client in actionscript.
I just happened to read one of the technotes at Adobe's site, which says Authorization header is allowed for Flash Player 220.127.116.11 onwards. If you are trying to send request to another domain (different from the one hosting the SWF), a crossdomain-policy file is required.