As long as you embed it with an SRI integrity hash, you're safe, even if the remote server is compromised.