From the performance point of view it is better to use that public CDN. But they have control over the JavaScript, and they may change it at any time. Maybe too paranoid, so just thinking about it.
If you're that paranoid, it probably wouldn't be hard to set up a simple cron job that downloads the CDN's copy and compares its hash against a known local copy on a regular interval.
But the CDN provider might 'fingerprint' the script based on IP/frequency/headers etc. and always return one version, whilst returning a different version to others...? ;-)
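Added example, not part of any comment in this thread: a sketch of the cron-driven hash comparison suggested above. The URL, the `CDN_URL` and `PINNED_SHA256` variables and the function names are placeholders chosen here. It only verifies the copy served to the host that runs it, which is the limitation the reply points out.

```shell
#!/bin/sh
# Added example: compare a CDN-hosted script against a pinned SHA-256.
# CDN_URL and PINNED_SHA256 are placeholders, not values from the thread.
CDN_URL="${CDN_URL:-https://cdn.example.com/lib.min.js}"

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 on match, 1 on mismatch, 2 if the file is missing or empty
# (a failed or truncated download must never count as a pass).
verify_copy() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$file" ] || return 2
    actual=$(sha256_of "$file") || return 2
    [ "$actual" = "$expected" ] && return 0
    echo "MISMATCH: got $actual, pinned $expected" >&2
    return 1
}

# Download the CDN copy to a temp file, verify it, clean up.
check_cdn() {
    tmp=$(mktemp) || return 2
    rc=0
    if curl -fsSL --max-time 30 -o "$tmp" "$1"; then
        verify_copy "$tmp" "$2" || rc=$?
    else
        echo "download failed: $1" >&2
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Runs only when a pinned digest is supplied, e.g. from a crontab entry
# that sets PINNED_SHA256 and alerts on a non-zero exit status.
if [ -n "${PINNED_SHA256:-}" ]; then
    check_cdn "$CDN_URL" "$PINNED_SHA256"
fi
```

Exit status 1 means the content changed and 2 means the check itself could not be completed, so the two cases can be alerted on separately.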