Adobe AIR Security for Widgets

Adobe AIR brings unique and attractive features to Flash widget developers. First, it's cross-platform; second, it provides access to both web and desktop resources; and third, it comes with a great security model that allows you to write powerful yet secure widgets.

Sandbox Model

AIR applications can be built using both Flash and HTML/AJAX and can also leverage PDF for document rendering. The Adobe AIR sandbox restricts unauthorized access to system files by an AIR application. One application cannot access another application's secure files. Adobe's comprehensive sandbox model includes support for both application and non-application sandboxes. AIR also supports a special mechanism called the "Sandbox Bridge", which allows non-application-sandbox files to access the properties and methods of files in an application sandbox.
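The sandbox bridge described above, sketched as an added example (not code from the original page or from Adobe): the application-sandbox page exposes a deliberately narrow, validated interface through parentSandboxBridge. The iframe id, URLs, setting names and sample values are assumptions made for illustration.

```javascript
// Parent page, running in the AIR application sandbox.
// The untrusted widget UI is loaded into a non-application sandbox with:
//   <iframe id="widget" src="http://www.example.com/widget/ui.html"
//           sandboxRoot="http://www.example.com/widget/" documentRoot="app:/"
//           ondominitialize="engageBridge()"></iframe>
// (id and URLs are placeholders.)

// Constructed sample data standing in for state owned by the application.
var settings = { theme: "dark", refreshSeconds: 300, apiToken: "constructed-secret" };

// Only these keys may cross the bridge; everything else stays in the app sandbox.
var EXPOSED_KEYS = ["theme", "refreshSeconds"];

// Bridge methods receive arguments from untrusted content, so they check the
// type and value of every argument and return primitives only, never live
// application objects.
function readSetting(key) {
  if (typeof key !== "string" || EXPOSED_KEYS.indexOf(key) === -1) {
    return null;
  }
  return settings[key];
}

function setTheme(name) {
  if (name !== "dark" && name !== "light") {
    return false;
  }
  settings.theme = name;
  return true;
}

// The complete surface the non-application content can reach.
var bridgeInterface = { readSetting: readSetting, setTheme: setTheme };

// Called from the iframe's dominitialize event, which fires before any
// script in the child page runs.
function engageBridge() {
  var frame = document.getElementById("widget");
  frame.contentWindow.parentSandboxBridge = bridgeInterface;
}

// In the child page: window.parentSandboxBridge.readSetting("theme")
```

The child page can call only the two functions placed on the bridge; the apiToken value is never reachable from the non-application sandbox.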

Support for Code Signing

Adobe AIR applications must be signed by a code-signing certificate. Adobe recommends that developers use a commercially obtained code-signing certificate, as opposed to self-signed certificates! This support for digital code signing ensures developers are who they say they are!

Data Encryption
For added security, Adobe AIR enables apps to store encrypted data (using AES-CBC 128-bit encryption) in a separate location. Since two applications cannot share the same encrypted store, sensitive files are secure.

HTML Security
The security model for the HTML application sandbox in AIR differs significantly from the sandbox available in the browser. Adobe AIR locks down certain JavaScript functions to prevent malicious code from harming a user's file system. Additionally, untrusted scripts are subject to added restrictions.

Resources: