Cookies with MACs did in fact get substantially easier, that was in fact a feature people regularly screwed up, and the fact that you have to manually arrange to expire user-based cookies when passwords change is a sign that there's still work left to be done.
The more of this functionality Rails takes over and stops leaving up to developers, the happier I'll be.