Can someone point out a good reason for not downloading the font files and serving them directly from your CDN or servers, without any calls to third parties in your HTML?
No great reason. Google occasionally optimizes the CSS delivery along with browser features (like in Chrome releases) where only certain files (and now only parts of files) are downloaded for the fonts.
But with HTTP2+, serving from your own domain has no performance impact unless you're limited by bandwidth or extreme latency, and often can improve things by avoiding another DNS/TLS/TCP connection.
I've been down this road. I don't know what it is, but many web developers are extremely averse to doing it. Even once you've convinced people to let you do it, the first PR from a new hire is a fix for this "bug".
As I understood the answer, the expanded version would be "the only disadvantage is having to spend an unreasonable amount of time arguing about this issue, which will drag on forever since it is relatively minor."
Google Fonts does serve a different font based on the user agent, depending on things like hinting and stuff. Bunny fonts would help solve that problem.
Years ago, when I worked at an MSP serving quite a big federal customer... We received a ticket that $companysite.tld isn't working. Pretty unusual, but first things first, so I just type $companysite.tld in the browser. It works fine.
Okay, ignore then.
But, no, 15 minutes later we receive an email with tons of people in CC and a lot of !!!!s in the subject and body that the site is still down.
I again check it from my machine (which of course was in the MSP office, not on customer premises), it works fine, DNS, tracert, yada-yada.
Our network team replies that $companysite.tld responds to ping so everything works fine from their POV. Duuuh.
Okay, I hop to the management station located in the customer's DC, test the site there... and it doesn't work there. Just a blank screen, no errors, nothing. Which is pretty strange because the site is hosted in the same DC. DNS resolves to the proper records, ICMP works including traceroute...
Well, long story short, after 30 minutes of head scratching and dozens of emails with an ever longer list of people in CC it occurs to me to hit F12.
I open the developer console, switch to the Network tab, type in $companysite.tld and I see that the traffic is starting to flow just fine, only to stall to a halt at... googlefonts.com (or whatever TLD they used).
At this point I just calmly sent an email explaining that the site was working just fine, it just wasn't able to properly load from the customer premises because of the block of Google services.
To summarize:
somebody from the customer ordered Google services to be blocked on the network level (don't even ask);
network team (certified Cisco CC** folks!) implemented it by dropping traffic instead of denying - so the firewall would notify the client station about that and the browser would abort the request to googlefonts.com and wouldn't wait a full timeout for each request (don't forget DNS records resolved just fine, if they sent NXDOMAIN for it there wouldn't have been even an attempt to connect);
network team diagnoses the availability of the web-sites by using ICMP ping... but that wasn't the first or the last time when I was quite... disappointed in their qualifications.
While it is very rare for major CDNs to go down, it happens, and even more shenanigans can happen on a network level between some client and your website (and proliferation of DPI by various countries, agencies and enterprises doesn't help here either).
So if you are on the payroll, just host the fonts (and honestly - all assets, if applicable) with the web-site and sleep soundly. Of course if you are paid for each "incident", then Web3.0 is all yours. *grin*
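Added example, not part of the thread: one way to find the kind of dependency described in the story above is to list every host other than your own that a page asks the browser to contact for stylesheets, fonts, scripts or images. The function name, the `www.example.com` site and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute triggers a sub-resource fetch.
ASSET_ATTRS = {"link": "href", "script": "src", "img": "src", "iframe": "src"}
FETCHING_RELS = {"stylesheet", "preload", "icon"}  # <link rel="canonical"> is not fetched
# url(...) and bare @import "..." inside inline CSS.
CSS_URL = re.compile(r"""(?:@import\s+(?!url\()|url\()\s*['"]?([^'")\s;]+)""", re.I)

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_style = self._in_style or tag == "style"
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return
        url = attrs.get(ASSET_ATTRS.get(tag, ""))
        if url:
            self.refs.append(url)

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.refs += CSS_URL.findall(data)

def third_party_assets(html, page_url):
    """Map each foreign host to the asset URLs the page loads from it."""
    own_host = urlsplit(page_url).hostname
    collector = _Collector()
    collector.feed(html)
    found = {}
    for raw in collector.refs:
        absolute = urljoin(page_url, raw)  # resolves relative and //host/ forms
        host = urlsplit(absolute).hostname  # None for data: URLs
        if host and host != own_host:
            found.setdefault(host, []).append(absolute)
    return found

# Constructed sample page for a hypothetical site at www.example.com.
SAMPLE_HTML = """<head><link rel="canonical" href="https://other.example.org/p">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter">
<link rel="stylesheet" href="/static/site.css">
<style>@font-face { font-family: X; src: url(//fonts.gstatic.com/s/x.woff2); }</style>
<script src="/static/app.js"></script></head><body><img src="logo.png"></body>"""
```

An empty result for every template means the page can render with only your own origin reachable; it does not cover URLs referenced from external stylesheets or requests made by scripts at run time.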
Wouldn't initial page load be affected? On the user side this only really happens on the very first load when the font isn't cached but this might affect SEO bots more?
It makes no difference other than download/parse performance. You have to weigh the latency/bandwidth of your origin vs that of Google's CDN and the extra connections.