As far as the outside apps, that would be what I would call a "bad" app <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" /> ..one that searches your HD for cookies? That program wouldn't get used by very many people, and if it did, I would call it a virus. That's not an insecurity of cookies...it's an issue with virus type software.
As far as the JS, I saw that, and it's interesting, and as you mentioned, a bug that w3t even allowed it. Again...not a cookie problem.
