I see your point, and I agree for a well-defined environment (e.g. my PC, at home, that no one else touches on pain of very painful things).
However, the big picture is that in general insecure should not be the default option.
Take your example: all you have to do is use it once on another person's computer, and then forget to explicitly log out ... and BAM, you're compromised. Of course, this would be unlikely, since you are smart and can remember, but other people don't have the habit of logging out because they don't need to, so it would be very, very easy for them to forget to do this.
(Ideally) The security of the user's data should not rely on eternal vigilance on the part of the user.
Better would be an opt-in cookie system, where you can explicitly say "keep me logged in on my home computer". That way, when you or our hypothetical less-than-eternally-vigilant user logs in to a public machine, they can simply forget to click that option and it doesn't hurt their security.
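A sketch of the opt-in behaviour described in the comment above, added here as an illustration and not code from the thread. The cookie name `sid`, the in-memory `SESSIONS` store and both lifetimes are assumptions.

```python
import secrets
import time
from http.cookies import SimpleCookie

# Assumed lifetimes for illustration; the thread does not specify any.
DEFAULT_SESSION_SECONDS = 30 * 60      # server-side limit when the box is not ticked
REMEMBER_SECONDS = 365 * 24 * 3600     # used only when the user opts in

SESSIONS = {}  # token -> absolute expiry (epoch seconds); stand-in for a real store


def issue_session_cookie(remember_me=False, now=None):
    """Return (token, Set-Cookie value). Persistence is strictly opt-in."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    cookie = SimpleCookie()
    cookie["sid"] = token
    morsel = cookie["sid"]
    morsel["path"] = "/"
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = "Lax"
    if remember_me:
        # Opt-in: Max-Age makes the browser keep the cookie across restarts.
        morsel["max-age"] = REMEMBER_SECONDS
        SESSIONS[token] = now + REMEMBER_SECONDS
    else:
        # Default: no Max-Age/Expires, so the browser treats it as a session
        # cookie. Browsers with "restore tabs" can revive session cookies, so
        # the server enforces its own short expiry as well.
        SESSIONS[token] = now + DEFAULT_SESSION_SECONDS
    return token, morsel.OutputString()


def is_session_valid(token, now=None):
    """Server-side check: unknown or expired tokens are rejected and purged."""
    now = time.time() if now is None else now
    expiry = SESSIONS.get(token)
    if expiry is None or now >= expiry:
        SESSIONS.pop(token, None)
        return False
    return True
```

With this shape, a user who forgets the checkbox on a shared machine gets the short-lived session, and the long-lived one exists only where it was explicitly requested.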
I'm pretty happy with a "keep me logged in forever" checkbox. The thing I hate is "keep me logged in for a week" checkboxes. It's a pointless middle ground.