I think there might be a bug lurking in the cookie code, specifically here:
https://github.com/EFForg/https-everywhere/blob/master/chromium/background.js#L325

From the Cookie API (which is pretty clunky): http://developer.chrome.com/extensions/cookies.html#method-set

When setting cookies, specifically the "domain" parameter means: "The domain of the cookie. If omitted, the cookie becomes a host-only cookie."

I think we're (maybe) accidentally stripping the host-only parameter (by never checking it, and always setting a domain), which might duplicate those cookies.