Today I sat the 2017 Higher Computing exam paper. One of the questions was to name a security risk of tracking cookies. One mark.
I just rambled a little about targeted advertising and monitoring visited pages in an attempt to get the mark, but I wouldn't consider this a security risk.
Just to satisfy my own curiosity, can anyone actually think of a security risk from tracking cookies? I'll try to remember to update this with what the valid answers were, but they won't be publicly available for months.