Re: Don't load third-party scripts
So what's the alternative, exactly?
1. Write, maintain and test everything in-house. Oh, and remember to document it too, because otherwise you're just storing up trouble for next week. And even then you'll still have dependencies - on browsers, on server platforms and scripting languages - and vulnerabilities will still creep in. I'm not really seeing the business case for that.
2. Make sure every resource is fully audited, and can't be amended without appropriate hoop jumping. This is marginally less work than (1) (and commensurately slightly less secure), but frankly it's still a shedload of effort for very small return.
3. Avoid scripts entirely. Congratulations, now you spend your whole life saying "no" to the marketing department. Good luck keeping your job, even if your company can survive.
Or 4. Accept that the occasional breach is part of your normal operational costs. Just like you expect employees to pinch some of your stationery, you expect customers to duck out on some of their bills, so you also expect hackers to disrupt some of your transactions. Accept it, model it, budget for it. Move on.