When the CDN was slow, every user noticed and thought your website was slow.
You gave away free analytics and made your website worse; there wasn't even a trade-off.
Supply chain attacks will cause catastrophic damage and massive internet problems one day, as they have. DDoS/outages to the CDN JS/resource suppliers and websites come to a standstill. Why not host your own .js files? Lazy upkeep?
I don't have a solution for it all, but better to think about solutions now than when solutions are needed because a massive hack happened at some point.
Still, I see the allure of having someone else CDN for you. They have a significantly better serving system than many of us, and it's traffic we don't have to serve.
A naive usage of a CDN will have both information-leak problems and expose a security issue, as described in the article. But.
You can basically eliminate the information-leak problem by using a restrictive referrerPolicy (which can be set on fetch or a `<script>` tag). This will quite effectively blind the CDN to where specifically the traffic is coming from.
You can eliminate the security risk by specifying a subresource integrity for your assets. This will prevent the CDN from modifying the file from what you expect.
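A check for the two mitigations named in the comment above, as an added example that is not part of the original thread: it scans a page for cross-origin scripts and stylesheets, flags any tag without an `integrity` pin or without a referrer policy that withholds the Referer, and compares each pin with a copy of the file you have reviewed. The hosts `cdn.example` and `www.example`, the file contents, and the names `sri`, `audit` and `ThirdPartyAudit` are constructed for the illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

NO_LEAK = {"no-referrer", "same-origin"}  # policies that send no Referer cross-origin

def sri(data: bytes, alg: str = "sha384") -> str:
    """Build an integrity attribute value (alg-base64digest) from file bytes."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, data).digest()).decode()}"

class ThirdPartyAudit(HTMLParser):
    """Flag cross-origin <script>/<link> tags that lack SRI or leak the referrer."""
    def __init__(self, own_host, reviewed):
        super().__init__()
        # reviewed maps url -> bytes of the copy you vetted; findings are (url, problem)
        self.own_host, self.reviewed, self.findings = own_host, reviewed, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") if tag == "script" else None
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            url = a.get("href")
        host = urlparse(url or "").netloc
        if not host or host == self.own_host:
            return  # inline, relative or self-hosted: nothing to pin
        pins = (a.get("integrity") or "").split()
        if not pins:
            self.findings.append((url, "no integrity attribute"))
        elif url in self.reviewed and sri(self.reviewed[url]) not in pins:
            self.findings.append((url, "integrity does not match reviewed copy"))
        if (a.get("referrerpolicy") or "").lower() not in NO_LEAK:
            self.findings.append((url, "referrer sent to third party"))

def audit(html, own_host, reviewed):
    parser = ThirdPartyAudit(own_host, reviewed)
    parser.feed(html)
    return parser.findings

# Constructed sample: cdn.example and the file contents are made up.
LIB = b"window.lib = function () { return 1; };\n"
URL = "https://cdn.example/lib.min.js"
PAGE = f"""
<script src="/js/app.js"></script>
<script src="{URL}"></script>
<script src="{URL}" integrity="{sri(LIB)}" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="{URL}" integrity="{sri(b'tampered')}" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
"""
if __name__ == "__main__":
    print(*audit(PAGE, "www.example", {URL: LIB}), sep="\n")
```

The sample tags carry `crossorigin="anonymous"` because browsers only apply `integrity` to cross-origin files fetched with CORS.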
One security flaw and thousands are affected.
Maybe back to on prem would be better.
I know this is not how most sites operate these days, but consider that your visitor wants to visit you and get your website. Whenever you embed stuff from other servers you not only gift away your user data and breach their trust, you just doubled your attack surface and lowered the reliability of your site. And for what exactly?
My suspicion is that developers find it easier to paste a CDN include than downloading the file and including it themselves. Because performance my ass.
That's a bit like that cookie notice thing. Guess what: if you don't collect personal data and store it on your user's computer, you don't need to ask them for consent and suddenly your site looks a lot cleaner and needs to deliver less data.