Flash will honor browser proxies for HTTP connections initiated within an app (e.g. via getURL()), but Flash apps can also open arbitrary sockets, which go directly. For Flash video, recent versions will first try a direct RTMP connection, but will fall back to RTMPT (RTMP tunneled over HTTP) if that fails, so they'll successfully go via the browser proxy if you block other outgoing connections at your firewall.
But yes, if you allow plugins that have the ability to initiate arbitrary connections, there's no way to guarantee they aren't making un-proxied connections, unless you either use firewall rules to block outgoing un-proxied connections, or you transparently proxy everything (VPN). Same as with running arbitrary non-browser apps that might open socket connections.
But yes, if you allow plugins that have the ability to initiate arbitrary connections, there's no way to guarantee they aren't making un-proxied connections, unless you either use firewall rules to block outgoing un-proxied connections, or you transparently proxy everything (VPN). Same as with running arbitrary non-browser apps that might open socket connections.