Hello!
In the Basque project Txikipedia we use the font-face "Gochi Hand" for making things more interesting to kids. This font is loaded in MediaWiki:Gadget-TxikipediaTab.css to import it from toolforge, instead of from Google Fonts:
Previous code
@import url('https://fonts.googleapis.com/css?family=Gochi+Hand');
Current code
@import url(https://tools-static.wmflabs.org/fontcdn/css?family=Gochi+Hand);
Some weeks ago, without further notice, @Ajraddatz made a change per m:SRM asked by @Legoktm.
Currently the only way we have to put this font (that has been decided to use in Txikipedia) is using the toolforge fontcdn tool, because is the only way to have fonts without information being tracked.
If we can't have this call to a font in toolforge, we would need another way to have this typography deployed in our wiki, but I want to be sure that this is really a security breach before proceeding.