[kgwxd]

The third-party part of it is the major security risk. If you just want hide elements on a page, there's simpler tools just for that. If you want to protect yourself, and maybe discourage the rest of the world from thinking it's fine to include arbitrary third-party code in their products, use something better.

[ForHackernews]

I don't think this follows the way you imagine it does. There's nothing stopping me from serving arbitrary third-party code directly from my own domain. If blocking ad domains becomes commonplace, they will just proxy it through first-party domains.

The only way out of this nightmare is legislation: stiff penalties for intrusive adtech and breaking up large tech monopolies so google isn't both seller and auctioneer.