You mean the two-factor authentication that would never be invoked because the auto renewing cookie would prevent the password prompt from ever displaying????
That's exactly why the cookie expires. So that at some point in time the user proves he/she is who he/she says they are, by entering a password or via the 2 factor auth. The time that Mark has implemented is 30 days which is generous and not onerous.
I agree it is not a big risk but I think we're beating a dead horse here and should let this discussion fade away....