I would argue that deleting cookies and passwords automatically is a good security move.I usually set machines to wipe all internet traces on closing the browser, AND on rebooting. No-one is going to get a chance to hack my - or my customers - browser cache for passwords or other personal details