Cookie with secure flag may be sent via unsecured channel.
vulners.com/securityvulns/securityvulns:doc:3481