First off, thanks for developing the domain mapping plugin - it's very useful. However, before I put it into production use I'd like to learn more about this "cross-domain cookie" thing, as it sounds like a possible security issue.
What do you mean exactly by "cross-domain cookie" syncing? Why are you modifying the cookies? Aren't the cookies double hashed?