Is the crossdomain.xml necessarily need to be there for accessing the server ?
No. It is required for a browser based SWF that is located on a different domain from the server. But, a SWF served from the same domain does not need a crossdomain.xml place. A Flash Platform App deployed outside of the browser, as an AIR app or mobile application will not need a crossdomain file to access the server.
What happens if we don't have a crossdomain.xml policy file while the SWF file is accessing the server for data ?
If the SWF is served off the same domain as the server; then nothing will happen. If the SWF is on a different domain, then your remote class will dispatch a fault event; which will contain a security error of sorts.
Is there any default restrictions the server may have to access its data if we don't place a crossdomain.xml ?
Yes, but nothing I haven't already said. A SWF served off the same domain as the server can access files/services on that domain. A SWF served off a different domain cannot.
As an example a SWF located at http://mydomain.com/mySWF.swf
will be able to access http://mydomain.com/service/MyServiceEndPoint
or http://mydomain.com/someImage.gif
without any issues. It will not be able to access http://myOtherDomain.com/service/MyServiceEndPoint
or http://myOtherDomain.com/someImage.gif
.