The third party service can provide you with some JavaScript you inject into your website. It stores cookies on your domain instead of a third party one.
You don't need cross-origin scripts for this: you can host it yourself.
If you were to disallowed loading scripts cross-origin, everyone would just end up creating subdomains for everything you wanted to load, which would be worse security-wise I bet, as you'd lose some of the cross origin security features we have today.