I've sometimes subdomained a few, select third party services on the same domain. For example, if a third party hosts your landing pages and you wish to own the urls to those, subdomaining is the best way to handle that.
That said, you should practice decent subdomain level security with cookies. You can and SHOULD restrict cookies to subdomain levels. The only exception is for SSO related cookies (that are stored at the domain root) that still need at least a second, shared secret verification at the very minimum.
That said, you should practice decent subdomain level security with cookies. You can and SHOULD restrict cookies to subdomain levels. The only exception is for SSO related cookies (that are stored at the domain root) that still need at least a second, shared secret verification at the very minimum.