How secure are CDNs for delivering jQuery?

醉话见心 2021-02-05 04:41

We build sites that have a public (non-secured) area and a secured (delivered over HTTPS) area, and we use the jQuery library.

Recently I suggested we use Google CDN for jQuery

4 answers
  •  感动是毒
    2021-02-05 05:37

    As your colleagues point out, hijacking a DNS server would be an issue here. It wouldn't be if you served the library from the same host as your site. However, if one uses HTTPS, it is unlikely that the attacker would have a valid certificate on the spoofed site. I do not know how browsers would react to this, but I suspect they would flag the site as unsafe (since some part of it can't be trusted) and act accordingly.

    So, in short: if the CDN is also accessed using HTTPS, there shouldn't be any large risks.

    Edit: Also consider the privacy issue mentioned by Gert G.
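
The distinction drawn in the answer above, as an added example that is not part of the original thread: the function resolves each `<script src>` against the page URL and flags third-party scripts that end up fetched over plain HTTP, where no certificate check stands between a spoofed DNS answer and the browser. Host names, paths and the sample HTML are constructed; a protocol-relative `//` URL inherits the scheme of the page, so the same tag is flagged on the public area and not on the HTTPS area.

```javascript
// Added example: classify every <script src> on a page by how it is fetched.
// All hosts and paths are constructed placeholders, not taken from the thread.
function auditScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  // Matches double-quoted, single-quoted and unquoted src attributes.
  const tagRe = /<script\b[^>]*\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const raw = m[1] ?? m[2] ?? m[3];
    let resolved;
    try {
      // Resolves relative paths and protocol-relative ("//host/...") URLs.
      resolved = new URL(raw, page);
    } catch {
      findings.push({ src: raw, verdict: "unparseable" });
      continue;
    }
    const thirdParty = resolved.host !== page.host;
    let verdict;
    if (resolved.protocol === "https:") {
      // Server identity is checked against its certificate.
      verdict = thirdParty ? "third-party-https" : "same-host-https";
    } else if (resolved.protocol === "http:") {
      // No certificate check: whoever answers for the host name serves the file.
      verdict = thirdParty ? "third-party-http" : "same-host-http";
    } else {
      verdict = "other-scheme";
    }
    findings.push({ src: raw, resolved: resolved.href, verdict });
  }
  return findings;
}

// Convenience filter: the script tags that depend on an unauthenticated third party.
function unauthenticatedThirdParty(html, pageUrl) {
  return auditScripts(html, pageUrl)
    .filter((f) => f.verdict === "third-party-http")
    .map((f) => f.src);
}

// Constructed sample page.
const SAMPLE_HTML = `
<script src="/js/app.js"></script>
<script src="//cdn.example.com/jquery.min.js"></script>
<script src='https://cdn.example.com/jquery.min.js'></script>
<script src=http://cdn.example.net/plugin.js></script>`;
```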
