It's definitely safer with a whitelist, however it is still riskier than not shipping Flash at all. A limited exploit might get around the whitelist, and then use any second exploit of Flash to break completely through.