Possibly privacy. If I host a copy of a popular site's Js, I can watch download patterns and have a pretty reliable "has this user logged into site X" detector.
What you could do is the negative "they won't load this file" which could have many reasons (from connection breaking just after the HTML to JS blockers)
And I believe it's a good solution to restrict such a feature to files already marked with a hash on the origin. They would only do that for common libraries found elsewhere as well.
And I believe it's a good solution to restrict such a feature to files already marked with a hash on the origin. They would only do that for common libraries found elsewhere as well.