Lighting small fires/sireworks, hacking (but I lied that I was helping improving their security lol) and false security features. (I.E selling people each other's IP addresses like it was a proxy lol....I'm still not sure if it worked.)
If I am not mistaken, Paypal does not save the login information in a cookie anymore.
A while ago, I don't remember exactly when. I'm a little hazy on the details, too, it might have been something besides paypal...I didn't really know the difference between various sites back then, it could have been amazon or something, but I'm about 90% sure it was paypal. I never tried it again after I took a legal studies course, though, the kind of shit you can get into for that even as a kid is huge. The person who you defrauded can sue for damages, but that's not the worst part. Any companies you get the cookie to can will sue for monetary damages, except they include "loss of revenue due to concerns among potential customers about Identity Theft" in their estimates (real case), so you can end up owing about 500k before the credit card companies even get at you (they hurt your wallet, too). Then, of course, the store/site you bought FROM with the stolen card takes a shot, and the state can sometimes step in...Oh, and you get jailtime (or time in a juvenile correction facility) on top of the debts, of course. And as a minor, you can even be taken away from your parents if things go bad enough. It just isn't worth the risk of potentially over 1,000,000 in monetary compensation and the jail/juvenile correction facility time, in my opinion (this is US law, it may be different in other countries, and probably is if they have any sort of common sense). Also, alot of forums now are built well enough that you can't set a cookie stealer as your avatar anymore (you used to just add "?blahblahblah=.jpg" on the end of your image upload location, which of course led to a .php file, and it passed through).
Also, you may be confusing login information with temporary logged in cookies. Temporary logged in cookies are a random string of text that indicates to paypal who you are, and changes every time you log in. To use these, as I did, you have to make your cookies match these and browse to paypal before your victim logs out or closes his browser, so you're identified as his account. But no, I don't believe paypal ever kept your actual username and password in your cookies, though I may be wrong on that.
Uhm, stole a 8 cm. long knife, and I usually park my bike in front of some lil' beauty-store owned by some old bitch, who didn't want it there. So she had been throwin' it around, I think, cuz it was lyin' in the like 5 meters from where it stood, and the fuckin' brakes was broken off... So I blew her fuckin' window up, just up to New Years...