by zenexer 1271 days ago
On the other hand, you end up leaking cookies between the two subdomains when you take this approach. If one site gets hacked, so does the other. It’s better to use two separate domains and begin establishing trust for the new domain.

Only if you don’t pin your cookies to the subdomain and/or are not using HTTPOnly. Even if you screw that up, cookie tossing in general is a rather low risk item; I don’t think it’s accurate at all to say “if one site gets hacked so does the other.”
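
An added example, not part of either comment above: a simplified Python model of RFC 6265 cookie scoping that shows which cookies set by one subdomain reach a sibling, and which of those page script can read. The host names `app.example.com` and `blog.example.com`, the cookie names and the helper functions are all constructed for illustration.

```python
# Simplified model of RFC 6265 cookie scoping (public-suffix checks omitted).

def domain_match(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def parse_set_cookie(header, request_host):
    """Store a Set-Cookie header the way a browser would for request_host."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip(),
              "domain": request_host.lower(), "host_only": True, "http_only": False}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip().lstrip(".").lower()
        if key == "domain" and val:
            if not domain_match(request_host, val):
                return None  # a host cannot set cookies for an unrelated domain
            # Any Domain attribute widens the scope to that domain and its subdomains.
            cookie["domain"], cookie["host_only"] = val, False
        elif key == "httponly":
            cookie["http_only"] = True
    return cookie

def _in_scope(cookie, host):
    if cookie["host_only"]:  # no Domain attribute: pinned to the exact host
        return host.lower() == cookie["domain"]
    return domain_match(host, cookie["domain"])

def sent_to(jar, host):
    """Names of cookies the browser attaches to requests for host."""
    return sorted(c["name"] for c in jar if _in_scope(c, host))

def script_readable(jar, host):
    """Subset visible to document.cookie on host; HttpOnly cookies are still sent."""
    return sorted(c["name"] for c in jar if _in_scope(c, host) and not c["http_only"])

# Constructed Set-Cookie headers, all issued by app.example.com.
HEADERS = [
    "session=abc; HttpOnly",                   # pinned to app.example.com
    "prefs=dark; Domain=example.com",          # shared, readable by script
    "sso=xyz; Domain=example.com; HttpOnly",   # shared, hidden from script only
]
JAR = [parse_set_cookie(h, "app.example.com") for h in HEADERS]

if __name__ == "__main__":
    for host in ("app.example.com", "blog.example.com"):
        print(host, sent_to(JAR, host), script_readable(JAR, host))
```
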