Before I start developing this solution the way I have it planned, I want to be
sure if it is feasible... because I'm not sure it is.

The idea is to have a server-hosted Flex website whose content can be updated
via an AIR desktop app. This way an admin could work offline, make any changes
they want and save progress locally, etc., then "Publish" the changes to the
online system.

However, I know there are some caveats and difficulties with file-writing and
file access security issues. Is it possible to, say, use a GUI to create local
content (XML or MXML files), then provide a web address (IP or URL) and a
password to form a direct connection and upload the content?

I could see this happening one of two ways:
1) The program has a basic layout shell which then pulls in content from
various XML or MXML files stored separately.
2) The file maintains itself as one large MXML and then updates its own
contents to reflect the newest modifications, as appropriate.

In either case, it seems that the Flex file would need to be able to
write/modify documents on the server. From what I've done so far, this seems
to be no problem. What I am wondering is: would it be an issue to click a
"publish" button in the AIR app, provide a username/password to log in, and
automatically push the new content onto the Flex server? [ And, if it is
possible, I am also wondering how to work the security -- would I need to go
through some server-side tools like PHP in order to make this work? And, since
the files are being transmitted, would I need to establish a secure HTTPS or
something first, in order to encrypt the login/password submission? How could
I do this? My knowledge of security is pretty basic, but it gets even more
convoluted when throwing Flex in the mix]