And this is one of the many reasons why these ad networks need to see some movement towards better security, and that will happen as first-party integration becomes necessary (to overcome ad blocking). Not that I like the idea of ad-blocking becoming something that just won't work, it will happen.

That's why you should always put such external code within an iframe. And if the service doesn't allow, better switch to the one which allows to put code within an iframe.