Sorry I didn't post a couple of weeks ago when I was trying out the beta. If the new Save State feature is enabled, it looks like _fnLoadState does an Eval on the cookie right off the bat so as to read object properties rather than tediously parse the string. That's probably not a good idea on the Internet though because it's vulnerable to script injection yah? Since the cookie data is JSON friendly, I'd probably use JSON2 to parse() it. I think it does eventually use Eval itself, but first it verifies the JSON is well formed and function free. (Is there a built-in jQuery way to do that? w/o including JSON2)? The soulless fiends could still through off your values, but I'm guessing that'll just precipitate an error soon enough if it's not convenient to go ahead and validate the upper and lower bounds of the various settings.
Has anyone used one of those end-to-end "guardian angel" solutions that promise to magically relieve developers of such burdens? I want to believe...