Weird, the truth is that in order to run in cookie-less mode we need to disable important security feature in Moodle. The only reason to enable this mode is to support mobile phones that do not have session support, but unfortunately you put all other users at much higher risk of session hijacking. iPhone has shown us that it is possible to implement full web browsers in mobile phones too.
Browsers contain new privacy features, you can use for example automatic clearing of private data in Firefox
or Incognito window in Chrome. In any case no shared computer is going to be completely secure because it is trivial to install key loggers or otherwise modify the OS.
The cookieless mode may or may not be fixed in 2.0, I am afraid there are more and more places where we can not inject the cookies manually, things like ajax
and flash will never work 100%. The good point is that vast majority of mobile devices support session cookies now and cookieless mode is not necessary any more.