I only ever did flash without paying Adobe money, just using the compiler and libraries (the only issue I ever had was to ask a game portal to provide their assets in another format for inclusion, since they originally provided an Adobe only one). What I did there was in amongst the startup code I grab the location the SWF was running from, and checked it against a whitelist from the portal, and if it was not running there, prevented the SWF from working.
Of course not completely bulletproof, people can decompile your SWF and work around anything like that, but it stops people casually downloading the file and putting it in a different web page, they need some basic level of flash (programming / actionscript) skill. You can possibly obfuscate flash, but I do not think it would make this harder, since searching for say domain name strings would be a start point, otherwise just look at the games "start point", and follow the code (e.g. if you implemented in such a way the string "mydomain.com" never occurs.
In theory (not ever tried any of the following) if your game includes a server component, then the server can be your protection, and be potentially almost unbreakable.
e.g. say your server fulfills vital roles. In a multi player game it is needed to bring players to together, and possibly run game logic, but in single player it could still be the store for important data like the games levels or used to process things that could have a slight delay (if you have enough processing power on the server).
Also say your server only accepts a TCP connection if the first thing that connection sends is a single use key the server allocated to that IP address. And say the server allocates those when the games real page is loaded, placing it in some HTML/Javascript for the SWF to pull out.
Now you have a game that really needs your server, which is completely proprietary and being on a secure server does not have any code readily available, so will be hard to reverse engineer and replace. And the user needs to visit your webpage or the SWF can't connect to the server.
That seems a lot more difficult to work around, and if someone does break around the connection-key thing, you can make an update to the server and SWF to secure it again.