A few months ago, British Airways' customers had their credit card details stolen. How was this possible? The best guess goes something like this: BA had 3rd party JS on its payment page The 3rd party's site was hacked, and the JS was changed. BA's customers ran the script, which then harvested their credit card details as they were typed in.
A readable explanation of SRI.