After looking up secure cookies, it would appear you have to be on a secure server to use them (and use https for calls). I wouldn't be guaranteed that I could use a secure server on the various customer sites.

Also, I think we wouldn't want to have to move the script and associated files from the regular server to the secure one. (maybe that's not a problem, maybe you can use https from the same folder on the server as before, I'm not certain on that.)