Considering how a large part of kirupa.com and the forums is about Flash, it's a bit odd that you cannot attach SWF files to forum posts, though I'm sure there is a perfectly logical reason behind this. Care to elaborate?

Of course, it would be just as easy wrapping the SWF in a ZIP file and uploading that, but it would still be quite handy having the SWF file "pop up" like images do when they are in attachments.

It has to do with a cross-site scripting exploit that happened here once because we allowed SWFs in attachments and footers. Someone used a malicious SWF (along with some other technique… I don't remember the details) to gain access to a moderator's account and a bunch of posts were deleted before the situation was rectified.

So, yes, it's an inconvenience, but it seems like a fair safety precaution. I always host SWF files on my own site, so it is a non-issue for me and many of the other users who have some access to file hosting.

It's the result of running an application (swf) in the context of the viewer's local machine. Because swfs are client side, they essentially have the same permissions, notably being able to access cookies. And they can be used for no good. The workaround is to host attachments on another domain, but I don't know if the boards are wired to allow that.