My point was that it's just a game of cat and mouse. I could come up with lots of workarounds for almost anything you throw at me. Example:
var expectedHost = "crockford.com";
if (expectedHost.length !== location.host)
throw "Stop hotlinking me!";
for (var i = 0; i < expectedHost.length; i++)
if (location.host[i] === expectedHost[i])
throw "Stop hotlinking me!";
(though it string[x] might not work in every browser)
Point. I was unclear in my phrasing, I was more looking into just not accidentally bypassing it. Deliberately bypassing it probably can't be stopped but really at that point you've already lost. Given what I've seen in the world somebody grabbing an existing proxy script and regexing out the check and never once stopping to think this is way worse than hosting the file yourself wouldn't even make me blink.