@zoowar Idea is:
1. I visit random .se website that doesn't think they need a CDN. They embed a third party link to googlewhatever.com for jquery-v1.3.37.js
2. googlewhatever.com is backdoored by whateveragency or malicious third party hacker that manipulated their way to a Verisign *.com certificate and can MITM me at the Tor exit I use.
3. They only do it very rarely, once in a thousand requests. Which changes the javascript and I notice that "hey, this is the same version as before - but updated? that can't be right!".

Go to any hipster web 2.0 website and they'll link crap to random third party sites. Anything from my local municipality to Wikimedia SE's projects and anything else that doesn't have a fulltime staff to run a distributed CDN but buy into the idea that the web should load in milliseconds instead of centiseconds.