I would store a user ID and a token. When the user comes back to the site, compare those two pieces of information against something persistent like a database entry.
As for security, just don't put anything in there that will allow someone to modify the cookie to gain extra benefits. For example, don't store their user groups or their password. Anything that can be modified that would circumvent your security should not be stored in the cookie.