From the spec:

If a cookie is marked secure, it will only be transmitted
if the communications channel with the host is a secure
one. Currently this means that secure cookies will only
be sent to HTTPS (HTTP over SSL) servers. 

If secure is not specified, a cookie is considered safe
to be sent in the clear over unsecured channels.
[download]

So a secure cookie will only be sent back to the server (from the browser) over an HTTPS connection.