||Cookie Specification Vulnerabilities|
I think your first two examples might be misleading.
Sensible websites do not store sensible informations in cookies: a HTTPS website storing private data in cookies is a total disaster anyways. If it did that, it might as well send back your credit card information to you via e-mail. I think this is rather a programming mistake than a cookie vulnerabity: even SSH is not secure if you use a one letter password (note: as one of our clients did some time ago :-)). A decent programmer must know how cookies work, and use them accordingly - e.g. use them for setting up sessions. Probably this is what the moral of your article should have been :-)
Also, as Raju has written, your comment on gTLDs is a little confusing: the domain can be any domain, including ccTLDs. (What is a "regional zone"?)