[eluser]CroNiX[/eluser]
Because the raw data in plain text is in a cookie, on your computer, which you can edit. Picture someone storing the user level that you can just change to "admin" or something by editing the cookie.
If you use the database, it stores the data in the database and only stores the session id in the cookie, so they can't manipulate it. And if the id is encrypted, it will be really hard for them to break figure it out.
Beyond that, cookies are limited to holding a total of 4k of data, which isn't very much for apps that require larger session storage, which the database offers.