[eluser]kurucu[/eluser]
Does your htaccess block everything where the referrer isn't your site, or just there is no referrer? There's no good reason why a flash file should include it any easier than a normal browser, unless the flash file is spoofing headers (can flash do that?).
If the flash file acts as a browser, perhaps you could also filter for user agent (which could also later be spoofed, if that's what's happening for referrer).
So the answer might simple - add a check for the correct referrer, and block some user agents.
Or, it's hide all your MP3 files behind PHP/other, and require a captcha to be completed before that session can get to your music.
