Comment 71 for bug 44062

In , Dveditz (dveditz) wrote :

(In reply to comment #70)
> I don't see why setting cookies in the .co.uk. domain is a problem. I only see
> a problem if one is able to set cookies for other subdomain.

The problem is that web-apps only see the cookies, not the domain on which the cookie is set, so they can't distinguish between a legit foo.co.uk cookie and one set by an impostor. (The Cookie2 spec resolves this.)
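
The point made in the reply above, as an added example that is not part of the original comment or any browser's code: a simplified cookie jar shows that the `Cookie` request header carries only name=value pairs, so the application cannot tell a host-only cookie from one set with `Domain=.co.uk`. The hostnames, cookie names and the `blockedSuffixes` check are assumptions made for illustration.

```javascript
// Added example: simplified cookie jar, not a real browser implementation.
// Hostnames and cookie values below are constructed for illustration.

// Domain match: host equals the domain or is a subdomain of it.
function domainMatch(host, domain) {
  const d = domain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

class CookieJar {
  // blockedSuffixes: registry-controlled domains the jar refuses as a Domain
  // attribute (a tiny stand-in for a suffix check; an assumption of this example).
  constructor(blockedSuffixes = []) {
    this.cookies = [];
    this.blocked = new Set(blockedSuffixes);
  }

  // Store a cookie set by originHost; returns false if it is rejected.
  set(originHost, name, value, domainAttr) {
    const domain = (domainAttr || originHost).replace(/^\./, "").toLowerCase();
    if (!domainMatch(originHost, domain)) return false;       // outside setter's own tree
    if (domainAttr && this.blocked.has(domain)) return false; // e.g. co.uk
    this.cookies = this.cookies.filter(
      c => !(c.name === name && c.domain === domain));        // overwrite same name+domain
    this.cookies.push({ name, value, domain, hostOnly: !domainAttr });
    return true;
  }

  // Build the Cookie request header: name=value pairs only, no Domain attribute.
  headerFor(host) {
    const h = host.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? c.domain === h : domainMatch(h, c.domain)))
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// What the web app receives for a request to `host` after two sites set cookies.
function seenByApp(jar, host) {
  jar.set("foo.co.uk", "session", "legit");                  // host-only, from the real site
  jar.set("impostor.co.uk", "session", "planted", ".co.uk"); // scoped to all of .co.uk
  return jar.headerFor(host);
}
```

With an empty `blockedSuffixes` list the header for foo.co.uk contains both `session` values with nothing to mark which site set which; with `co.uk` in the list the second cookie is never stored.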