[chrismorgan]

> There are many CDNs, and using resources served from them is not a bad thing.

I disagree. Public CDNs (which is what I take the sentence to be referring to) can be convenient for prototyping, but should be completely avoided for production work. Due to HTTP/2+, cache partitioning, and the ease of private CDNs (which were difficult and expensive even ten years ago, whereas now it’s common for entire sites to be hosted on a private CDN), public CDNs no longer offer any benefit at all in most common/sensible scenarios, and negligible benefit in the near-worst-case scenario, but have performance costs (establishing an extra HTTPS connection) and introduce significant functionality and security risks.

For a good article with some more detail: https://httptoolkit.com/blog/public-cdn-risks/