Currently, the HTTP Observatory grants an extra 5 points for secure cookies and 5 for scripts with SRI; it grants +0 if a site has no cookies and +0 for sites without any scripts.

Secure cookies and scripts aren't as secure as an absence of cookies and scripts, so it doesn't make sense to give sites with these features a higher score than cookieless/scriptless sites. Rewarding cookieless/scriptless sites at least as much could help push the idea that cookies and scripts shouldn't be used unnecessarily.