Cookies are not arbitrarily sent to any server. If Google has a separate subdomain they use for authentication (say login.google.com), they can instruct your browser to only send the relevant cookie to that subdomain.
Good point, though it sounds like it'd very challenging to train users to notice the absence of a special image... especially when it's normal for that image to disappear whenever they use a different browser or clear cookies.
theGimp|12 years ago
eli|12 years ago