CodeIgniter support some basic web security by default!

I think its better to enable this basic security options by default.
It’s more likely that users who build a new website or application from
ground up, and use CodeIgniter can get used to this and eventually turn
this off. From a web security perspective, we can support a more secure
web, by default! Who agrees?
diff --git a/application/config/config.php b/application/config/config.php
index ae748de..4ee87ae 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -302,11 +302,11 @@
 $config['sess_valid_drivers']	= array();
 $config['sess_cookie_name']		= 'ci_session';
 $config['sess_expiration']		= 7200;
-$config['sess_expire_on_close']	= FALSE;
-$config['sess_encrypt_cookie']	= FALSE;
+$config['sess_expire_on_close']	= TRUE;
+$config['sess_encrypt_cookie']	= TRUE;
 $config['sess_use_database']	= FALSE;
 $config['sess_table_name']		= 'ci_sessions';
-$config['sess_match_ip']		= FALSE;
+$config['sess_match_ip']		= TRUE;
 $config['sess_match_useragent']	= TRUE;
 $config['sess_time_to_update']	= 300;
 
@@ -351,7 +351,7 @@
 | COOKIE data is encountered
 |
 */
-$config['global_xss_filtering'] = FALSE;
+$config['global_xss_filtering'] = TRUE;
 
 /*
 |--------------------------------------------------------------------------