Adding 3rd Party Javascript is always a bit of a security concern. You have to really trust that they are implementing best practices and being incredibly diligent in maintaining it.
I would be surprised if most widget companies are that committed to either privacy or security.
I suspect this isn't the only violation:
https://www.govtech.com/security/Cryptojackers-Hit-Government-Websites-A-New-Flavor-of-Hacking-Courtesy-of-Third-Party-Code.html
I bet there are examples where more than users CPU cycles were being taken.
Adding 3rd Party Javascript is always a bit of a security concern. You have to really trust that they are implementing best practices and being incredibly diligent in maintaining it.
I would be surprised if most widget companies are that committed to either privacy or security.
I suspect this isn't the only violation:
https://www.govtech.com/security/Cryptojackers-Hit-Government-Websites-A-New-Flavor-of-Hacking-Courtesy-of-Third-Party-Code.html
I bet there are examples where more than users CPU cycles were being taken.