There are two kinds of state persistence in HTTP: server and "client", or "normal" cookies.
HttpCookie is stored on the client's browser and is part of the HTTP protocol, thus insecure in its nature.
In order to make cookies secure, you should buy an SSL cetificate and force all related pages to be loaded in HTTPS via SSL
As the MSDN documentation says for HttpCookie.Secure:
"Gets or sets a value indicating whether to transmit the cookie using Secure Sockets Layer (SSL)--that is, over HTTPS only."
Setting this to true (e.g. accessing the cookie only if it is transferred over a secure channel), is vital.
You should make sure that this does NOT work
and that only this works
In summary: making a cookie secure means encrypting the whole connection. To do this, you will need to buy an SSL license that works with at least 128-bit encryption (IE supports only that). If it is less (e.g. 64 up 256), it will be vulnerable to brute force attacks.
the Telerik team