To be fair, this incident demonstrates the danger of sourcing external scripts from little-known {1} providers providing a contentious {2} service. Yes, they may have better security than your own domain's server, but, if that's true, they're also more likely to be a target (all else being equal).

1. (Well, I'd never heard of them before)

2. Trying to subvert ad-blocking, albeit in a less intrusive manner than a 'real' ad, possibly.

EDIT: asterisks don't work for footnotes, do they.