[callahad]

Once AMP stabilizes, I'm hoping Google will encourage the use SRI to ensure that the content is what a site expects: https://developer.mozilla.org/en-US/docs/Web/Security/Subres...

[mschoebel]

Still unacceptable as it would still cause my users to expose their IP address to someone else's server.

[retox]

Unfortunately the ubiquity of FB and G+ buttons, Google analytics and CDN use has raised a generation of web developers who don't see that as a problem.

[kbwt]

Certificate Transparency will reveal the domains you connect to over TLS to a Google server anyway. Assuming you don't already use Google's DNS, that is.

[bryanlarsen]

Google could and should change their requirement to be that the integrity value for the script must be in their approved list rather than requiring their path.