flash not seeming to work on https

This site https://www.wormatlas.org/SW/SW.php/  was working fine under http and now that it's https, the flash is not fully working. When you click the arrows, it should not only navigate the slidable worm, but also change the picture.

There were hardcoded references to http and I changed every local href so that it refers to the root of the site, but that had no effect. I also added a crossdomain.xml to the root directory in case there hidden references. The file is as follows

<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

    <site-control permitted-cross-domain-policies="all"/>

    <allow-access-from domain="*" secure="false"/>

    <allow-http-request-headers-from domain="*" headers="*" secure="false"/>

</cross-domain-policy>

But this also make no difference.

It's not quite clear why on Firefox, it says there are references to insecure content.