Thanks, HonzaZ,
Thanks for reporting that there is no real immediate malware threat.
Seems now they only have to retire whatever script has been flagged,
and also generate the missing SRI hashes,
whenever these could be implemented without causing issues elsewhere,
while hxtp://cdn.optimizely.com/js/529790331.js will stay a bit of a controversial item there.
Oh and I'd rather block this running: htxp://i.kissmetrics.com/i.js (online tracker)
and htxp://doug1izaerwt3.cloudfront.net as another ad- and tracking server (found in adblocker's easylist).
polonus