Tor should deprecate insecure cookie auth
control-spec.txt points out that normal cookie auth represents a security risk for clients.
The Tor daemon should either stop accepting insecure cookie auth entirely, or should log when a client uses insecure cookie auth.