The 403 error is actually a good thing because it is not allowing direct public access to the path you have provided above, which you definitely do not want.
I actually use the Kimli Flash Embed plugin on my site and it is not blocked by BPS so my question is what exactly are you trying to do on your site? I can't think of a good reason to have a link pointing to the kimli admin folder and to a config file. Your link should be pointing to a Flash SWF file. So please explain or provide a link to exactly what you are trying to do with Kimli.
Or if this is only happening in the WP Dashboard admin area then most likely you have not activated BulletProof Mode for your wp-admin folder, which would mean the root .htaccess security filters are being applied to the wp-admin folder.