This was possible because back then it wasn’t possible to check the integrity of the resources loaded from a third party.
I found this very important and useful since the websites and applications are rarely composed of resources from a single origin. The trend lately has been to load resources from CDN for better performance. With this specification developers can benefit the performance gain of CDN without having to fear that it can compromise their website or application. The usage of SRI is now considered as a best-practice.
Using Subresource Integrity is very simple.
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" crossorigin="anonymous"></script>
The idea is to include the resource along with its cryptographic hash (e.g. SHA-384). The browser can download the resource and compute the hash over the downloaded file. The resource will only be executed If both the hashes match.
Subresource integrity is currently supported in Firefox, Chrome, Opera, Chrome and not supported in IE, Edge and Safari. Check out SRI on caniuse.com to see specific browser version support information.
To try SRI take a look at https://www.srihash.org/, which can do the work of computing the hashes.