The problem is exactly what you quoted, not that the plugin is not open source. Flash can be used for proxy by pass attacks. Using firewall rules and other techniques can make flash safer to use with Tor (and java as well), but with a vanilla configuration of Tor it is dangerous and can easily lead to deanonymization.