As a PayPal user, I welcome this innovation. Now watch, a guru with superior knowledge is going to come along and explain why this could be a bad thing.
I must say that I didn't really understand the technical part, but if it is effective then this tech should be available to all web services. Also, how about making sure that the cookie never gets stolen in the first place? Cookies should be better protected by for example the browser, simply deny ALL processes except for the browser to access cookies.