[eluser]Derek Jones[/eluser]
RFC 2965 I believe supersedes 2109, but regardless, that something is allowed in an RFC does not always translate to being a good idea to allow at the script level, particularly with PHP in this instance. This restriction is intentional to keep security tight; one of CodeIgniter's goals is to help developers keep their applications secure, even protecting them from themselves in some cases. In this instance, doing a foreach on GPC and outputting the keys, where in some circumstances, PHP would attempt to parse portions of keys named such as the one above as variables.
You are of course free to extend the Input class and override this method to meet your needs. We might consider instead of disallowing them and exiting, simply replacing dollar signs in cookie keys so that CI is still protected, without requiring that applications running along side it follow the same stringency.