I have couple of .swf games files uploaded to my server. I want to run some test, but I dont want to expose or let public/others people to see our swf files. Currently, if I type:

www.domain.com/games/game1.swf

It will play the swf file.

I tried to visit some other flash game based websites. When I visit one of the swf files (e.g www.xxx.com/folder/flash.swf), it would redirect me to the homepage (www.xxx.com)

Is this the correct way to prevent public people to view my swf files?

There are a lot of swf-to-fla decompiler third party software, will my swf files secured?

Will my swf files being hacked/stolen (code and graphics)?

Once your swf files being hacked, will my website safe from web attacks?

How to secure swf files?

Please help

You have a lot of questions here.

When I visit one of the swf files ... it would redirect me to the homepage ...

I would suspect this is implemented by checking the 'HTTP_REFER', when loading the .SWF page. You could do this if you like.

Is this the correct way to prevent public people to view my swf files?

No. Depending on what server you're running, you should put some authentication on the folder '/TestSwfs', and then upload all your swfs to there, and you will need to log in first. Fairly simple to do this in both IIS and Apache, but let us know which one you are running.

There are a lot of swf-to-fla decompiler third party software, will my swf files secured?

I suspect not. There are probably SWF Obfuscators though, but they can still be reversed.

Once your swf files being hacked, will my website safe from web attacks?

It shouldn't matter. You should not be inlcuding secrets/passwords in your SWFs that you don't want to be public. You may be writing high-scores, and you can step up the complexity required by doing some crypto, or other such things, but really, for just high scores, it's probably not important.

Design your SWF code so that even if it was public, your server would be safe.

One additional point to Silky's answer.

You should implement REST Api correctly in your SWF, that will assume that even if someone can hack your swf (which is very easy), the can not login to your server and manipulate any data or bring it down.

You should never directly alter database by using direct apis, you should always use webservices instead of database connectivity tools.