I get your point,
but actually my question was related to the security issues that an instance of the auth session could bring to your application.
In my opinion (after having checked the source code of Zend_Auth::getInstance()), in order to check whether a session exists ZF creates it by executing a call to new Zend_Session_Namespace('Auth')!
So, if it didn't exist before, after the check it will exist, and an auth cookie will be created! It will be empty, but in fact it will be created!
A malicious user who tries to hack our application by bypassing the login using some cookie-poisoning technique could find an auth cookie instantiated, even if our purpose was just to check the privileges, not to gain them!
Additionally, I think your idea of setting the authenticated data in the same session cookie 'Default' could be a wrong idea, because of what I've just explained.
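One way to avoid the side effect the post describes (a privilege check that starts a session and hands an anonymous visitor an empty auth cookie) is to look at the incoming request before touching Zend_Auth at all. The following is an added example, not code from the thread or from Zend Framework; it assumes, as the post describes, that Zend_Auth's session storage instantiates a Zend_Session_Namespace and thereby starts the session, and it uses Zend_Session::sessionExists(), which only inspects the request and does not start anything. The helper names `currentIdentity` and `isAllowed`, and the `role` property on the stored identity, are assumptions for the example.

```php
<?php
// Added example (not from the original thread and not Zend Framework code).
// Assumption, as the post describes: Zend_Auth's session storage creates a
// Zend_Session_Namespace, which starts the PHP session and therefore sends a
// session cookie even when the caller only wanted to look at the identity.
require_once 'Zend/Session.php';
require_once 'Zend/Auth.php';

/**
 * Read the current identity without creating a session for anonymous visitors.
 *
 * Zend_Session::sessionExists() only inspects the incoming request (the
 * session cookie, or the SID when trans_sid is enabled); it does not call
 * session_start(), so no Set-Cookie header is produced for a visitor who
 * never logged in.
 */
function currentIdentity()
{
    if (!Zend_Session::sessionExists()) {
        // No session cookie arrived with the request: the visitor cannot be
        // authenticated, and we must not hand them an empty auth session.
        return null;
    }

    // Only now is it safe to let Zend_Auth open its storage namespace:
    // a session already exists, so no new cookie is issued.
    $auth = Zend_Auth::getInstance();
    return $auth->hasIdentity() ? $auth->getIdentity() : null;
}

/**
 * Privilege check for a page: true only when an identity with the required
 * role is present. Hypothetical helper name for this example.
 */
function isAllowed($requiredRole)
{
    $identity = currentIdentity();
    if ($identity === null) {
        return false;
    }
    // Assumption for this example: the identity written at login is an
    // object carrying a 'role' property.
    return isset($identity->role) && $identity->role === $requiredRole;
}

// Usage in a controller or bootstrap: deny without ever starting a session
// for a visitor who has no session cookie.
if (!isAllowed('admin')) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}
```

The login action itself still calls Zend_Auth normally, so the session cookie is only issued when an identity is actually being written; every other page reads the identity through the guard above and stays cookie-free for anonymous requests.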