True. We have an "if IE then emit polyfill.io <script> tag" call in the backend, which limits the security surface area to IE and also prevents an otherwise unnecessary extra HTTP request (we only use it for Intl). We feel that's a reasonable middle ground.

If I'd use it for all polyfills (which we should maybe consider!), we'd likely self-host the service.