[Security] Why is the username base64-encoded in TokenBasedRememberMeServices? #14577

Closed
@MacDada

Description

Why is the username base64-encoded in https://github.com/symfony/Security/blob/master/Http/RememberMe/TokenBasedRememberMeServices.php#L106 ?

It is actually double encoded because all the cookie's data get encoded after all.

I couldn't find the explanation in git history and the reason isn't obvious (at least to me). Tests say that it is required but they don't say why.

A comment in the code (and/or the TestCase) could be useful – I can make a PR after I understand what's that for.
