Very interesting, I didn’t realise that subresource integrity was entirely missing from the ESM spec. So what this would mean is that, with ESM, any code loaded from any CDN could contain a potential government backdoor. How is this not a bigger issue?
(I’m saying a government backdoor because it would most likely take a state-level actor to force a CDN company to do that but it could, of course, be a disgruntled employee or cracker.)
While straight up injecting unauthenticated JS code is of course easier to exploit, font rendering is a big can of worms and arbitrary code execution with carefully crafted web fonts wasn't unprecedented (although, fortunately, modern browsers have much better sandboxes than IE circa 2011).
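Added example, not part of either comment above: one way a loader can pin a CDN-hosted ES module to a reviewed digest, in the same `<alg>-<base64>` form that `<script integrity>` uses, before handing it to `import()`. The function names and the sample module are constructed for illustration, and Node.js is assumed for the hashing calls.

```javascript
// Added example: check a module's bytes against a pinned SRI-style digest
// before import(). Function names and sample data are constructed.
const { createHash, timingSafeEqual } = require('node:crypto');

const ALLOWED = new Set(['sha256', 'sha384', 'sha512']);

// Build an integrity string in the "<alg>-<base64 digest>" form.
function sriDigest(source, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(source).digest('base64')}`;
}

// True only if `source` hashes to the single pinned digest in `integrity`.
// Unknown or weak algorithms and malformed strings are rejected outright.
function matchesIntegrity(source, integrity) {
  const token = integrity.trim();
  const dash = token.indexOf('-');
  if (dash < 1) return false;
  const alg = token.slice(0, dash);
  if (!ALLOWED.has(alg)) return false;
  const expected = Buffer.from(token.slice(dash + 1), 'base64');
  const actual = createHash(alg).update(source).digest();
  return expected.length === actual.length && timingSafeEqual(expected, actual);
}

// Loader gate: throws on mismatch, otherwise returns a data: URL for import(),
// so the bytes that execute are exactly the bytes that were hashed.
function verifiedModuleUrl(source, integrity) {
  if (!matchesIntegrity(source, integrity)) {
    throw new Error('integrity mismatch: refusing to import module');
  }
  return 'data:text/javascript;base64,' + Buffer.from(source).toString('base64');
}

// Constructed sample: the module as reviewed, and an altered CDN response.
const reviewed = 'export const greet = (n) => `hello ${n}`;\n';
const tampered = reviewed + 'globalThis.__injected = true;\n';
const pinned = sriDigest(reviewed); // digest recorded at review time
```

The digest has to be recorded from a copy that was actually reviewed and shipped with the first-party page; a digest fetched from the same CDN as the module proves nothing.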