Facebook <securecookie> rules break apps
As reported here:
https://mail1.eff.org/pipermail/https-everywhere/2010-November/000475.html
We now need to work out whether there is a subset of cookies that we can secure to prevent account hijacking while still allowing apps to function :(