It's a security issue because someone can compromise google's CDN, or cache poison, or DNS poison/hijack that, and can inject malicious JS code into a large number of websites with one attack. If you're running a payment related it pays to be paranoid.
