What seems to be happening is that someone's server gets compromised, and the attacker uploads malicious JavaScript to attack the site's visitors. Of course, a competent admin will reverse these changes as soon as they are detected. So, attackers have started modifying the copy of jQuery that's already deployed on that server to insert malicious code, as the developer is unlikely to notice or overwrite changes to that file.
So, the message is "don't trust anything on your server if it might have been compromised". :-)
tl;dr: the URLs are too fragmented to get cache hits for commonly used shared libraries, so you end up having to do a DNS lookup and download them over a cold TCP/HTTP connection. This is slower than simply serving the 20-30KB of data directly from you own site.
No. If you jump to the end of the long discussion, the last comment says:
I'm sure there will be a similar discussion in the near future (especially as things such as SPDY / HTTP 2.0 get more traction), but for the time being, we'll stick with the CDN.
So, the message is "don't trust anything on your server if it might have been compromised". :-)