Cookies are definitely deleted when you close the Tor browser. It also comes with NoScript configured for compatibility. What I mean is that it isn't configured for maximum safety, just good safety with settings that don't break the whole web (like it does if you prevent any un-whitelisted site from running, which is/was the NoScript default).

I don't know of any exploits that will bypass the out-of-the-box configuration, but that isn't my specialty, so take it with a grain of salt. You may or may not want to go to "about:config" and change "network.websocket.enabled" to be "false." There's some contention about whether or not it's really safe to have it on, but the Tor project says it is & the browser ships with it that way... so one would think it is. Your call though.

Other than that, I wouldn't worry too much.