shadowflit made a good point about two-factor authentication. I would also add that by having cookies (and hence a presumed established session with you bank, email provider, or social network) you bypass one of the steps to get what you presumably want: access. I mean to point out that there is no reason to run this script if you already have physical access to a computer with the target's account logged on. You already have the extra access you need.
