Could you please update the http://www.yfrog.com/crossdomain.xml, so that the allow-access-from element has a secure="false" attribute. This will allow flash to access the api under SSL, when embedded in an non-ssl page.

<allow-access-from domain="*" secure="false" />