The short answer to the OP's question is, "No, your cookies are not secure because you're only passing the first three parameters to the setcookie function. The other parameters are really important and should not be ignored"…
bool setcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = false [, bool $httponly = false ]]]]]] )
$path – You'll probably want to set to '/' since you probably need your cookie available on all pages on your site.
$domain – I'm not sure if you're using a subdomain, but set it to the most restrictive value possible (for maximum security). So 'www.yourdomain.com'. If you're not using a subdomain I've noticed the browsers implement things differently than the W3 spec. The spec says that '.yourdomain.com' and 'yourdomain.com' should act the same way (e.g. the cookie is available on all subdomains), but if your host name is yourdomain.com (e.g. no subdomain), then setting $domain to 'yourdomain.com' only sends it to that one host name. It's not available on other subdomains. To get all subdomans you'll need to set $domain to '.yourdomain.com'.
$secure – should be set to true (or 1). That means the cookie will only be sent over encrypted, HTTPS connections. Which means your site needs to be encrypted. If it's not, stop now and get it encrypted and then revisit your cookie question.
There are other things you can do to increase security (many of which are mentioned above), but you first need to start with using all the parameters in the setcookie command.