Wait, why would an acceptable ad network have JavaScript at all? Maybe a minimal, pre-approved bit of JS to help the network understand where the ad is being placed, but even that is questionable.
Frankly, I consider it somewhere between bizarre and obviously wrong for any serious website that needs to follow HIPPA, PCI, or any other reasonable security standard to allow un-audited third party JS at all.
