report/security/report security check embed
From MoodleDocs
Allowing ordinary users to embed Flash and other media in their texts (e.g. forum posts) can be a problem because those rich media objects can be used to steal admin or teacher access, even if the media object is on another server.
Thus it is recommended that the setting 'Allow EMBED and OBJECT tags' in 'Site policies' is left unticked.
See also
- Using Moodle Security and Privacy forum