[Seaside] Session (in)security?

Ramon Leon ramonleon at cox.net
Sat Jun 17 00:58:49 UTC 2006


> Right, so why not pick the least evil of the two? There isn't a perfect
> security model out there, but given the choice of a cookie and plain text
> url I'd go for cookie 10 times out of 10.
> 
> -Boris

A cookie is plain text as well, and no more secure than the url.
Seaside's default prevents it from requiring cookies, a sensible default
considering many people's irrational fear of cookies and disabling of
such.  It's hardly a cut and dry case that a cookie is less "evil" than
the url; many think otherwise.


