Why? Because cryptography is pretty hard, but implementing a good crypto-system that doesn't leak data, allow attackers to change fairly arbitrary bits, to run tests against your system to recover the secret key, or determine exactly what to change ... that stuff is hard for experts.
If no confidential information will be stored in the cookie then you don't need to encrypt it, you just need a message authentication code, like HMAC [1], to ensure its integrity.
[1] http://en.wikipedia.org/wiki/HMAC

Thanks,
Nicholas
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
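The integrity-only cookie suggested in the message above, as an added example that is not part of the original post: the value is stored readable, an HMAC-SHA256 tag is appended, and the server rejects any cookie whose tag does not match. The function names, the cookie layout (`value.tag`, both base64url) and the demo key are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); a real server loads a random secret from its config.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _tag(payload: bytes, key: bytes) -> bytes:
    # HMAC-SHA256 over the exact bytes that will be stored in the cookie.
    return hmac.new(key, payload, hashlib.sha256).digest()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'b64(value).b64(tag)'. The value is NOT hidden, only tamper-evident."""
    payload = value.encode("utf-8")
    return _b64(payload) + "." + _b64(_tag(payload, key))


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the original value if the tag is valid, otherwise None."""
    try:
        p64, t64 = cookie.split(".")  # wrong number of parts raises ValueError
        payload = base64.urlsafe_b64decode(p64.encode("ascii"))
        tag = base64.urlsafe_b64decode(t64.encode("ascii"))
    except ValueError:  # also covers bad base64 and non-ASCII input
        return None
    # Constant-time comparison, so response timing does not reveal how many
    # leading bytes of a guessed tag were correct.
    if not hmac.compare_digest(tag, _tag(payload, key)):
        return None
    return payload.decode("utf-8")


if __name__ == "__main__":
    c = sign_cookie("user=alice;role=user")
    print(c, "->", verify_cookie(c))
```

The tag is checked before the payload is decoded or used, so a modified value never reaches application logic.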
