Browsers usually store cookies as plain text files or in a database. If a computer is accessed by multiple people, one person might scan another's cookie folder and look for things like passwords or long-life session IDs.
The Google Chrome web browser also saves cookies to a SQLite database file in the user's data folder. One can import that file into SQL editor software to read all cookies in plain text format.
Google's open source Chromium browser project now has a new feature that encrypts stored cookies by default, whereas a similar feature is already implemented in Chrome OS and Android OS.
In the case where someone gains local access to a computer and scans for cookies, encrypted cookies prevent the attacker from viewing the cookie contents.
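The difference between plain-text and encrypted storage can be checked from the database itself. The following audit is an added example, not code from Chromium or from the original article: it assumes a `cookies` table with `host_key`, `name`, `value`, `encrypted_value`, `creation_utc` and `expires_utc` columns (verify against your browser version), runs on constructed rows in an in-memory database, and uses an assumed 30-day threshold for "long-life".

```python
import sqlite3

DAY_US = 24 * 60 * 60 * 1_000_000   # timestamps assumed to be in microseconds
LONG_LIFE_DAYS = 30                 # assumed threshold for a "long-life" cookie

def build_sample_store():
    """Constructed in-memory stand-in for a Chromium 'Cookies' SQLite file."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE cookies (
        host_key TEXT, name TEXT, value TEXT,
        encrypted_value BLOB, creation_utc INTEGER, expires_utc INTEGER)""")
    rows = [  # constructed sample rows, not real cookies
        ("shop.example", "SESSIONID", "constructed-plain", b"", 0, 365 * DAY_US),
        ("news.example", "prefs", "constructed-plain", b"", 0, 2 * DAY_US),
        ("mail.example", "auth", "", b"\x00constructed-ciphertext", 0, 90 * DAY_US),
        ("blog.example", "tmp", "", b"", 0, 0),
    ]
    db.executemany("INSERT INTO cookies VALUES (?,?,?,?,?,?)", rows)
    return db

def audit_cookie_store(db):
    """Classify each row by how its value is stored; never returns the values."""
    report = {"plaintext": [], "encrypted": [], "empty": [],
              "long_life_plaintext": []}
    # Only lengths are selected, so cookie contents never leave the database.
    query = ("SELECT host_key, name, length(value), length(encrypted_value), "
             "creation_utc, expires_utc FROM cookies ORDER BY host_key, name")
    for host, name, plain_len, enc_len, created, expires in db.execute(query):
        ident = (host, name)
        if plain_len:
            report["plaintext"].append(ident)
            # expires == 0 is treated as a session cookie with no stored lifetime
            if expires and (expires - created) > LONG_LIFE_DAYS * DAY_US:
                report["long_life_plaintext"].append(ident)
        elif enc_len:
            report["encrypted"].append(ident)
        else:
            report["empty"].append(ident)
    return report

if __name__ == "__main__":
    for category, cookies in audit_cookie_store(build_sample_store()).items():
        print(f"{category}: {cookies}")
```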
Another important point is that this encryption works at the system user level, i.e. it only protects a system user's cookies from access by other users on the same system. So, if you hand over your logged-in user account to an attacker, they can still access your cookies in plain text.
Google may soon adopt a similar feature in all official desktop versions of the Chrome browser, which will encrypt browser cookies with 128-bit AES encryption before saving them to the hard disk.
Encrypting browser cookies provides an additional level of security, but it is not sufficient until Google starts protecting them with a master password that also locks access to the encrypted cookies for the same Windows user.