Seems like the simple solution is to serve all non-trusted content from a separate hostname. For example, serve avatars or uploaded files from usercontent.example.com.

As far as I can tell this would stop the attack nicely. The malicious SWF would execute in the context of a domain you don't care about.

Fourmilab's been doing this for years with HotBits. I remember writing an atomic-powered band name generator that used it.