Re: Why do browsers allows JS from other domains to run
I see your point, but it's essential in some cases - e.g. checking a payment using Verified by Visa loads the Visa JS from Visas site (if I allow NoScript to run some JS from those dodgy-sounding domains when prompted). However, I really wouldn't want multiple "local" copies of that.
"...i get the third party components, bundle and test them then distribute".
Unfortunately that's why you get multiple installs of Java on some systems, all out of date.
Every solution has its own problems :-( The real question is, 'is the "trusted" site trustworthy?'