Absolutely. Please be very careful who you trust when adding 3rd party JavaScript. They don't even have to malicious themselves, just get hacked on their end, and then all of their customers are compromised as well...

Exactly. I don't even use hosted libraries like jQuery from Google, I always host them myself. Also because it exposes my visitors to yet another tracking server if I use external sources.