When you include a resource such as fonts, stylesheets, scripts from a third party (CDN) it has privacy implications as well as security implications.
The CDN entity serves files to your site users and thereby:
- can track your users by IP, browser information etc
- can manipulate content, inject malware, spyware, ransomware.
Point 2) can somewhat be fixed by using integrity tags on the cached content containing a hash of the payload called SRI.