So today I learned at WWDC that a Dashboard widget sending an XmlHttpRequest to a host/path will send applicable cookies that may have been previously set in Safari-land. In essence, you're looking at one big cookie space. However, I was told there's a bug in Widget-land, whereby if a Set-Cookie HTTP header is sent in a response to an HTTP request made by a dashboard widget, it's currently ignored and not being added to the big cookie space. I'll be inquiring more about all this in more in-depth sessions coming-up.
I'd like to take a couple of minutes to remind us all that Dashboard Widgets are full-blown applications that have the ability to do as much damage to your privacy, home directory or system as any other application would. Be mindful of whom you download a Dashboard Widget from, make sure you can always trace a given widget back to a website owner or company. Just because it is listed on Apple's website does NOT mean it is safe for consumption. The barrier to entry for creating a widget is low, very very low, a lot can be done with little scripting knowledge, it's very easy to package and "ship" one.