I have a jQuery function that runs through the page, finds links to a certain domain, does an ajax call to get some data and crafts a tooltip when the visitor hovers their mouse over the link. Just like wowhead.com/tooltips.

What are some things to consider when allowing other sites to include your script files, linked directly from your site? Like so:

  • Security?
  • Performance?
  • Styling?
  • ... ?
+3  A: 

There is not much of a security risk to you if other sites point script tags at JavaScript hosted on your site. The security risk is all carried by the other sites, who have to trust you not to replace your JavaScript with session-stealing cookie-sniffers etc. I suppose if your service became really popular, your site could become a more attractive target for villains to hack so they could do similar attacks on the other sites by changing the JS on your server.

For performance make sure your script is cached as much as possible using a far-future expires header. You'd also want to minify it to reduce your bandwidth costs. Maybe use a server optimised for static content (nginx etc) rather than a full blown Apache instance you might be using for dynamic content on the same domain. Also consider hosting the JS on a CDN if you expect a lot of sites to hotlink your script.

Styling could be very tricky as you are not in control of the styles that get applied to the elements your script is inserting into the DOM of the third party sites. Maybe the tooltip could be an iframe which renders a small tooltip-sized page on your site, and then you would be in control of everything. More bandwidth for you, and your tooltip would have to be square.

Day
Nice answer, really appreciate it. What if most of the styling was by inline CSS generated by the script? The data for the script is just a lightweight jsonp call. The action on the server that builds the data to send to the script is cached on a sliding timeout. I'm on shared hosting, so no cookie-less static domain - unless there's a way to do it on discountasp.net servers? Working on caching scripts and stylesheets soon.
Chad
@Chad Inline CSS would have the same difficulties as with an external stylesheet, namely inherited styles from the 3rd party site's own stylesheets. I don't think inlining would help. You might be able to do something like a CSS Reset that gets applied to all descendants of the root element of the DOM fragment you are adding? `#someveryuniqueidforyourrootelement * { /* reset rules */ }`
Day
Thanks for the answer!
Chad
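Because embedding sites carry the risk, the hosted script should select links by exact hostname and escape everything from the JSONP response before inserting it into their DOM. The sketch below is an added example, not code from the question or the answer; `WIDGET_HOST`, `ROOT_ID`, the function names and the data fields `name` and `description` are assumptions.

```javascript
// Added example: pure helpers for an embeddable tooltip script.
// WIDGET_HOST, ROOT_ID and the data field names are assumptions.
const WIDGET_HOST = "tooltips.example.com"; // domain whose links get a tooltip
const ROOT_ID = "tt-root-7f3a9c";           // unique id a scoped CSS reset can target

// Decide from the parsed hostname, never from a substring of the href:
// "tooltips.example.com.evil.test" and "?u=tooltips.example.com" must not match.
function isWidgetLink(href, pageUrl) {
  let url;
  try {
    url = new URL(href, pageUrl); // resolves relative hrefs against the embedding page
  } catch (err) {
    return false;                 // unparseable href: skip it
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  return url.hostname === WIDGET_HOST;
}

function selectWidgetLinks(hrefs, pageUrl) {
  return hrefs.filter((href) => isWidgetLink(href, pageUrl));
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape every value from the data feed so it is rendered as text, not markup,
// on the embedding site's page.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the tooltip under one uniquely named root element.
function renderTooltip(data) {
  return '<div id="' + ROOT_ID + '">' +
    "<strong>" + escapeHtml(data.name) + "</strong>" +
    "<span>" + escapeHtml(data.description) + "</span>" +
    "</div>";
}

// Constructed sample input: hrefs as they might appear on an embedding page.
const samplePage = "https://blog.example.org/post/1";
const sampleHrefs = [
  "https://tooltips.example.com/item/42",
  "//tooltips.example.com/item/7",
  "https://tooltips.example.com.evil.test/item/42",
  "https://evil.test/?u=tooltips.example.com",
  "/about",
];
console.log(selectWidgetLinks(sampleHrefs, samplePage));
console.log(renderTooltip({ name: 'Blade <b>of</b> "Dawn"', description: "Tom & Jerry's" }));
```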