But it is not even encrypted. And AFAIK most (sane) sites do not store you account information encrypted in the cookie, they store a session id. This session id is then used to find the relevant session information which is stored on the server.