Results lead me to links such as this one, which suggests it is indeed legit. If this was a bad practice, posters would generally say so.
Perhaps more interesting, I also found this recent blog post which is a good read. I have yet to read all of it, but it discusses security issues related to the subject.
A while ago Quirksmode performed a good study of handling cookies across different web browsers, resulting in the some useful functions to manage them.
Cleaned up versions of those functions can be found at the cookie handling functions page.