It's fine to load jQuery from a specific server that you trust. It's also fine to load ads from the ad network's server, as long as they are policing uploads properly. The problem is they usually don't.
You keep saying they usually don't, but billions of harmless ads are served every day while only a tiny fraction of the served ads are malicious. I just don't see how it's reasonable to assume depending on a third party ad network for content is fundamentally risky yet depending on some other third party service is not. CDNs and other hosting services get hacked and serve malicious content sometimes too, but that is also very rare and also usually gets fixed very quickly if it does happen.
They don't have a system that makes malicious uploads impossible (outside of hacking, of course). They could implement such a system, without much trouble. They choose not to.
Using a third party ad network is not inherently risky. But most specific third party ad networks are risky, because of bad practices.
That most ads are harmless is enforced through social norms and after-the-fact takedowns. They could do better, but don't. Negligence.
OK, so let's be constructive. What reasonable, practical alternative do you suggest for someone who is just running a small site and wants to cover their hosting costs?
You keep saying they usually don't, but billions of harmless ads are served every day while only a tiny fraction of the served ads are malicious. I just don't see how it's reasonable to assume depending on a third party ad network for content is fundamentally risky yet depending on some other third party service is not. CDNs and other hosting services get hacked and serve malicious content sometimes too, but that is also very rare and also usually gets fixed very quickly if it does happen.