When I sign a letter and send it to you, my signature is a proof to you that I write that letter.
In the case of signing a cookie, the opposite is true.
If I send you a signed cookie, I am actually making sure when you return the cookie to me, it is the same cookie that I send to you earlier on. The signature is for my benefit, not yours.
It is like I put a letter in a transparent box with a padlock and send it to you. You can read the letter, but you cannot change it.
When I ask for my letter back, and if I can open the box with my key, I can be sure it is the original letter, because I am the only one who has the matching key to unlock the box.
On the other hand, if somebody changes the letter and put it in a box with a different padlock, I will not be able to open it with my key because the padlock is different.
I can still read the letter (because the box is transparent), but I know it is not the same one I send to you in the first place.