Web sync not using cookies

I noticed that web sync doesn’t use cookies for the refresh token and other session tokens. I was wondering if this was the intended behavior.

Is the plan to rely on disk persistence? I know it’s not safe to store cookies in local storage, but maybe it’s different when using the storage of a PWA.