Precisely. Not to mention the wonderful little easter egg that is flash-cookies which the user has no control over or visibility into. Adobe has let most of it's constituencies down.
"Flash Player 10.1 abides by the host browser's "private browsing" mode, where local data and browsing activity are not persisted locally, providing a consistent private browsing mechanism for SWF and HTML content. Private local shared objects behave like their public variants as long as Flash Player is in memory and local shared objects created during private browsing are removed when returning to public browsing mode. Existing shared objects are preserved but inaccessible until private browsing is turned off. Libraries in the Flash Player cache, like the Adobe Flex® framework, are unaffected by private mode. Supported in Firefox, Chrome, and Internet Explorer. No developer action required."
