Standard crossdomain.xml not secure enough?

The Situation

My game is hosted on a website “www.ExampleGameHost.com”.
I use the Server Side High Scores script from the unify website
to access a database on “www.ExampleHighScore.com”.

This ‘standard unity crossdomain.xml’ works nice, no problems with getting that to work.

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

My Problem

Short & easy: My highscores got hacked.
This guy was able to insert totally insane scores there,
a situation of which I strongly disappprove.

So I changed the third line in my crossdomain.xml to

<allow-access-from domain="www.ExampleGameHost.com" />

With this the PHP request is not done right anymore,
my game freezes (normally only until the request is done).

Additional information
I’m don’t really have PHP-knowledge so I don’t know if this is important;
but my game is not started with the standard html file provided by unity,
but launched via a PHP link like

http://www.ExampleGameHost.com/launch.php?game=826

crossdomain.xml is only an advisory limitation on other websites, enforced by your browser (and the Unity player), to protect the user from you. It does not protect you from a user accessing your site with whatever tools they like. If you have a server that lets a request change the highscore table, any most junior script kiddy can send whatever requests they like to your server.