Details of Clickjacking Attack Revealed With Online Spying Demo (cgisecurity.org)
11 points by apgwoz on Oct 8, 2008 | 4 comments



Surely the fix: Change the button so it says "Allow users to view my cam" instead of "click here", and disallow anything from changing the style of it.

Doesn't seem like a big threat to me. Any evidence it's a threat for anything other than Flash settings?


That's not the problem though. The problem is that there's a layer on top of the Flash which clicks still register to. There doesn't have to be a button at all, it just so happens that this example uses a button (controlled via JavaScript on this extra layer) that knows the pattern of where to click to allow the cam/mic to be used.


Yeah but how many clicks does it take to get to the center of a tootsie roll tootsie pop?


I've never made it without biting. Ask Mr. Owl.



