I especially also don’t get this for fonts. It’s so easy to statically include a font file and make it the most reliable aspect of your webpage.
Instead, it’s basically part of the modern web experience to me that certain sites are almost unusable, because they rely on fonts for their icons and the fonts haven’t properly loaded (yet).
I can only assume it’s because of possible future updates. As unlikely as it sounds that’s the main driver for using external libraries like jQuery.
Just tell anyone who tries to download the font that they could instead use the convenient link and not have to worry about it.
Well, I did specifically pick out fonts, because those very rarely get updates. Many of them have been created years ago and are just sort of “finished”. And if they do get an update, it’s rarely security-relevant.
When I asked a webdev colleague about it, he told me that it takes 1 minute to add the link and 5 minutes to bundle the font file, and none of his customers complained so far.
Privacy and security are just not a concern here, because they’re not a concern for his customers.