Are stand-alone Flash Player versions secure?

There is going to be a lot of content in existence that will remain useful and relevant after Flash Player arrives at its end of life.  There are well-established techniques for preserving and isolating legacy software in modern environments (Citrix Receiver, etc.).

Flash Player, like the browser and operating system, is tasked with processing untrusted content.  Limiting it's use to processing trusted content is definitely a valid risk-mitigation strategy.

How strictly you want to isolate Flash really depends on your circumstances, available resources and your environment.  There are plenty of Java applets still floating around the world's Math departments, which suffer from the same core set of issues and browser restrictions.  (They're also PAINFUL to use in 2018)

I'd also wonder about the long-term viability of that application on Windows 10.  If it's a really old copy of the Flash projector, it's pretty cool that it's survived all of the API deprecations that happened between Windows 8 and Windows 10.  It it was Mac, it would most certainly be broken, and while Windows is more conservative than Apple about API deprecations and backward-compatibility in general, those changes can and do happen in all operating systems.  Part of what we do over here on a day-to-day basis is ensure that this 20-year-old software package continues to work on modern operating systems and browsers.

If it were me, I'd probably offer students the application on a virtualized, ephemeral Citrix instance.  It doesn't even really need network access.  That's probably way overkill given the already-limited threat surface, but you're looking for guarantees.  If the machine gets popped, it's state doesn't persist beyond the user session, and limiting the access of that particular host reduces the risk of an attacker pivoting on your network from the compromised host down to near-zero.

From a general headache and help-desk perspective, if you have the option to migrate your learning materials to native web platform technologies (HTML5 and JavaScript), that's going to give you the best user-experience with the lowest number of helpdesk calls, and you're not spending effort figuring out how to maintain and secure a legacy environment.  If it's just a matter of the department not spending the money for an existing upgraded set of content, you might be well-served by conducting a cost analysis, as maintaining the status-quo will certainly not be free.