Questions about Flash crossdomain.xml

Adobe provides DTDs and XSDs for crossdomain.xml validation. However, I don't understand when exactly Flash sends request for these DTDs or XSDs and how.

Also, what happens if an HTTPS server returns a crossdomain.xml document with policies as below;

<allow-access-from domain="http://example.com" />

How should a browser behave if the domain attribute contains protocol. In above case, since default secure attribute is true, HTTP domains should not be allowed. But since it explicitly stated http in domain part, is it allowed?