I’ve seen it recommended to reference jQuery via:
<script type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
</script>
The idea being most people already have a cached copy on their client.
What if a hacker replaces that file on google’s server? They could do an infinite number of “evil” things from $(document).ready().
Am I paranoid or is this bad practice?
Edit:
Obviously this is a matter of opinion. But I think the best answer is ceejayoz comment
It might be illegal for a bank. Check
your local privacy and data security
laws.
Google has far more tempting targets than their jQuery host (unless it gets used by banks), so I wouldn’t worry too much.
Also, I would guess that your webserver is easier to hack than Google’s servers.