I remember Google suggesting that everyone use common libraries hosted by a shared CDN and then suggesting de-ranking slow websites and I think that’s what led to widespread adoption of this pattern.
The only reason I stopped using third-party hosted libraries was because it wasn’t worth the trouble. Using subresource integrity makes it safe but it was part of the trouble.
Sure... Though while I hate to say it, I don't blame people for trusting Google's hosted copy of something. For better or worse, they are more trustworthy than some "as seen on a million janky tutorials" whatever.io. A very privacy-focused employer precluded that possibility during peak adoption, but with what many sites load up, that's the least of your worries.
The only reason I stopped using third-party hosted libraries was because it wasn’t worth the trouble. Using subresource integrity makes it safe but it was part of the trouble.