Also subdomains could set cookies on parent domains. Also causes a security problem between sibling domains.
I presume this issue has been reduced over the years by browsers as part of the third-party cookies denial fixes...?
Definitely was a bad security problem.