You don't need cross-origin scripts for this: you can host it yourself.
If you were to disallowed loading scripts cross-origin, everyone would just end up creating subdomains for everything you wanted to load, which would be worse security-wise I bet, as you'd lose some of the cross origin security features we have today.
If you were to disallowed loading scripts cross-origin, everyone would just end up creating subdomains for everything you wanted to load, which would be worse security-wise I bet, as you'd lose some of the cross origin security features we have today.