
Claims Cookie Security in ASP.Net Identity


Cookies are pretty much the standard way to maintain an authentication session for a web site, unless you use the cookieless mechanism, which transmits the session as a query string and was shown to be less secure. Whether you store claims in the cookie or not, you are still relying on the cookie security mechanism to maintain the client identity between page hits. The mechanism has been around for years and is considered secure as long as you follow the implementation guidelines from Microsoft.

Assuming you are using .NET 4.5, or .NET 4.0 with the WIF libraries, you can cache claims on the server and not send them in the cookie. Here is some basic documentation. This is usually recommended if you have a lot of claims and the cookie gets too large to carry on every page hit.
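
An added example of the server-side caching the answer above refers to, written for this page rather than taken from the answer or from Microsoft's documentation. It assumes a .NET 4.5 web application with the WIF `SessionAuthenticationModule` registered in web.config under the name `SessionAuthenticationModule`, so that ASP.NET auto-wires the `ModuleName_EventName` handler in Global.asax; the `SharedSessionSecurityTokenCache` class named in the comment is a placeholder for whatever distributed cache you use.

```csharp
// Global.asax.cs: switch the WIF session token to reference mode.
// In reference mode the browser cookie holds only a key into the server-side
// SessionSecurityTokenCache; the claims themselves never leave the server.
using System;
using System.IdentityModel.Services;
using System.Web;

public class Global : HttpApplication
{
    // Auto-wired by ASP.NET: <module name>_<event name>. Fires every time the
    // SessionAuthenticationModule is about to write a session cookie.
    protected void SessionAuthenticationModule_SessionSecurityTokenCreated(
        object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        // Keep the claims in the cache, send only a reference in the cookie.
        e.SessionToken.IsReferenceMode = true;

        // Leave WriteSessionCookie at its default (true) so the reference
        // cookie is still issued; setting it to false would drop the session.
    }

    protected void Application_Start(object sender, EventArgs e)
    {
        // Caveat: the default SessionSecurityTokenCache is in-process memory,
        // so a reference cookie issued by one server is unknown to the others.
        // On a web farm, register a shared cache in web.config instead, e.g.
        //   <system.identityModel><identityConfiguration><caches>
        //     <sessionSecurityTokenCache type="MyApp.SharedSessionSecurityTokenCache, MyApp" />
        //   </caches></identityConfiguration></system.identityModel>
        // (SharedSessionSecurityTokenCache is an assumed name, not a WIF type.)
        //
        // Independently of caching, keep the cookie itself hardened in web.config:
        //   <system.identityModel.services><federationConfiguration>
        //     <cookieHandler requireSsl="true" />
        //   </federationConfiguration></system.identityModel.services>
    }
}
```

Reference mode reduces what an intercepted cookie reveals (a cache key rather than the claim set), but the key still authenticates the session, so the transport and HttpOnly protections on the cookie matter just as much as before.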


As Oleg wrote, the standard cookie encryption is considered secure.

The discussion here, "Server side claims caching with Owin Authentication", could be interesting as well.