Doesn't prevent a malicious/compromised third party from serving code other than what's in the source. I think an acceptable mitigation might be subresource integrity though, so you can lock it to a known-good version of a script?