[pestaa]

No offense, but from my perspective you're getting a little rude here without really explaining the situation.

So far I grasped from you that external static files compromise the security model so much it's worth the time and effort to keep up to date with them locally and be okay if the page load times suffer (they do especially with minimalist sites.)

I understand the risk that Google CDN might be hacked and turned into a data mining monster, but it would, at the same time, infect so many important and popular sites on the whole web, I can't even imagine my sites being targeted.

[dekz]

    but it would, at the same time, infect so many important and popular sites on the whole web, I can't even imagine my sites being targeted.

Maybe, or maybe it's exploited to target only your site by detecting referrers and only serving your site malicious javascript. Thomas is correct in arguing to host your own.

[pestaa]

This implies I can do it better than Google or any other big-name-company CDN I happen to trust.

I don't know about you or Thomas, but this isn't true for me.

[tptacek]

You ignored the point I'm making. You don't have a choice but to do "static file hosting" securely.