"that dos not hinder my experience" aye, there's the rub. Extra security comes with extra inconvenience.
I think I do understand security pretty well. For instance, under my direction the Burroughs Operating System was granted a DOD C2 security rating--the first ever commercial OS to get that certification.
Security is invasive. Security good enough to do anyting needs a lot of things.
First, your local site must be physically secure. If you allow access to it, all bets are off. If you let malicious software access your system all bets are off.
Second, the network must be secure end to end. This means you need to run (at least) SSL.
Then you can worry about the software on the other end of the connection.
You can refuse other zenphoto cookies too, if you wish. You will need to enable gallery sessions on the gallery options tab. I am not sure what value this provides you as these cookies contain things like search parameters. But things will work and you will be inconvienenced only by the session maintenance.
Do all of these things and zenphoto will be quite secure. Don't do them and there are potential attack venues.
Did you know that it is not too hard to pick most door locks? Better locks just take longer. Prudent people with something to lose install alarm systems. But even these are reasonably easy to circumvent. What you are really doing with all this is making it more attractive for the perpetuator to go somewhere else.
Computer software security is similar to this. Why would anyone hijack your zenphoto server for nefarious purposes when it is so much easier to hijack someone's personal computer to for the same purpose. It would be much easier for me to place a keystroke monitor on your system than to brute force crach the zenphoto password encryption.