Just FYI for Mac OS X users: Safari has a bug (also present in some old versions of Mozilla / Netscape 6.x) which makes it possible for third-party sites to steal domain cookies.
Hypothetically, this could allow a site you visit (even accidentally, or as an inline image) to steal your temporary session cookies and your stored password (if you selected "remember my password") from Wikipedia. A stolen password cookie could be used to login to the wiki with your user name; hijacking a session cookie may be possible as well.
I've tightened up the cookie settings on all other Wikipedias so that if you clear any old cookies you might have from them, the new cookies should no longer be vulnerable to this bug (because they will be set only for a specific hostname, eg fr.wikipedia.org, and the technique doesn't work on such a cookie). However the en.wikipedia.org/en2.wikipedia.org setup currently requires using the domain cookie to share sessions between the two servers and remains vulnerable. (Not to mention all those other web sites out there!)
If you're using Safari, consider clearing your stored cookies and disabling accepting new cookies until Apple releases a fix. Mozilla 1.5 and Camino 0.7 are not vulnerable and are very functional browsers.
-- brion vibber (brion @ pobox.com)
wikipedia-l@lists.wikimedia.org