I have always been worried about CDN being compromised and what a nightmare it would be to applications rely on them. Imagine popping a CDN hosting Jquery code and replacing it with some nasty script.
<script src="https://example.com/example-framework.js" integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC" crossorigin="anonymous"></script>
Unfortunately this attribute is currently only supported on new versions of Firefox, Chrome and Opera. Safari and IE are still behind.