Loading Flash Charts with XML over HTTPS
Loading an XML-generated Flash chart or graph over HTTPS requires a small server tweak.
The simple answer: you must allow the XML file to be cached.
This could be a security risk if the chart data is sensitive. However, IE7 still suffers from this problem.
Not only should the Flash file itself (“charts.swf”) be cached, but the XML file used to generate the chart needs to be cached as well.
All you need to do is remove any “no-cache” headers that are sent for those two files.
Cache-Control: no-cache #=> remove this line (http 1.1)
Pragma: no-cache #=> remove this line as well (if present - http 1.0)
There is a solution, though, that still retains some security: limit the cache time to a few minutes or seconds.
That way, if the user logs out from a public terminal, the cache expires shortly afterwards, so the next user of the public terminal should not be able to see the chart data by hitting the back button or viewing the cache on the hard drive.
Cache-Control: max-age=0
More information about Cache-Control HTTP headers can be found in the official spec.
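As an added example (not code from the original post), the Python below audits a response's headers for the two conditions described above: a “no-cache” header that stops the chart loading over HTTPS, and a cache lifetime longer than a few minutes. The function names, the 300-second limit, the treatment of no-store as a “no-cache”-type header, and the sample headers are assumptions made for illustration.

```python
# Added example: audit caching headers for the chart files (charts.swf and its XML).
# MAX_LIFETIME and SAMPLES are constructed for illustration, not taken from the post.
MAX_LIFETIME = 300  # seconds; assumed reading of "a few minutes"

SAMPLES = {
    "data.xml (before)": {"Cache-Control": "no-cache", "Pragma": "no-cache"},
    "data.xml (after)": {"Cache-Control": "max-age=0"},
    "charts.swf (long-lived)": {"Cache-Control": "public, max-age=86400"},
}


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_chart_headers(headers, max_lifetime=MAX_LIFETIME):
    """Return a list of findings for one response's headers (a dict)."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    # Headers that stop the browser caching the file, which breaks the chart.
    # no-store is included on the assumption that it counts as a "no-cache" type header.
    for directive in ("no-cache", "no-store"):
        if directive in cc:
            findings.append("blocks-chart: Cache-Control " + directive)
    if "no-cache" in h.get("pragma", "").lower():
        findings.append("blocks-chart: Pragma no-cache")
    if findings:
        return findings  # lifetime is irrelevant until these are removed
    # Sensitive chart data should not stay fresh in the cache for long.
    age = cc.get("max-age")
    if age is None:
        findings.append("unbounded: no max-age set")
    elif not age.isdigit():
        findings.append("invalid: max-age=" + age)
    elif int(age) > max_lifetime:
        findings.append("too-long: max-age=" + age)
    return findings


if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, "->", audit_chart_headers(hdrs) or "ok")
```

An empty list means the response can be cached by the browser and its lifetime is within the limit.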