Correct Piwik could only set first party cookies when hosted on the same website being tracked. We could have a FAQ setting to set first party cookies in this case... but not by default since most of the time piwik is hosted on a different hostname I suppose?
It is true that the API can't set a cookie directly for the app using it. But if the API returned such a cookie, my server-side tracking component could sent it to the browser and return it to piwik upon the next request. This simply aids the reliable detection of returning visitors by the means of the piwik tracking cookie.
FYI... aspects of this request were already implemented (in an interesting but ultimately not-integrated patch) in [/ticket/2699]. That particular patch was more expansive, but it may be possible to use a subset of its changes to expedite this functionality.
Incidentally, I have a shortURL processor and a WordPress installation on subdomains of the same domain. The shortURL processor must use the PHP library (no JS is loaded during a redirect) to capture key data like the referrer. Because I trust client VisitorIDs, I need to set (and read) the VisitorID from PHP in order to link that data to Page Views in WordPress.
Obviously, I have an extreme case since JS is impractical, but there are other cases (including the case motivating the patch mentioned above, [http://forum.piwik.org/read.php?2,81615,82036]) where a combination of PHP and JS is desirable despite domain limitations mentioned in earlier responses.