The path and domain are not authenticated to make sure site A does not set a cookie fraudulently for site B.
These are called "third-party cookies", and browsers (for example, Firefox) already have knobs to disable them. That's not the real issue here, however.
Another problem seems to be, the browsers present all the values associated with the name to the web site, even the cookies not set by that site.
Not only that, a site could get cookies set by "parent" and "child" sites. Furthermore, a lot of web-programming languages (including PHP, ASP.NET, Classic ASP, and GWT) expose the cookies as a key-value store where the key is simply the name of the cookie, and don't document which cookie they use if the browser sends multiple ones with the same key. (Java is a bit better, it just exposes a bucket, but that's harder to work with.)