Looking at ticket:409#comment:50
For compability with https pages, the cookie secure flag should be set automatically based on the current URL protocol (in setCookie())
And the follow up, ticket:409#comment:53 I would expect a Piwik install that is only available via https to set the secure cookie flag.
However this doesn't seem to be the case, see for example the cookies that get set on this site: http://www.transitionnetwork.org/
The Piwik server is running 1.5.
Keywords: https secure cookie
The behaviour you're expecting can be replicated by using third-party cookies.
Secure cookies is now available in Matomo 3.3.0
-> You can use
_paq.push(['setSecureCookie', true]); to enable the secure flag on all tracking cookies.