First a big thanks to @looki for this awesome script!!!
Unfortunately it still uses HTTP and not HTTPS to load the data from JISHO, which puts all users at risk.
The stroke order images are loaded through an unencrypted connection from JISHO to our browsers. Therefore, anyone who accesses this connection in between can modify it without you even noticing. This can of course be your Internet Service Provider or anyone other in between your PC and the JISHO web server.
Since internet traffic is not determinable (meaning the sent packages can go all around the world before arriving at their goal) the packets could also easily go through countries with authoritarian governments. Even if your not the primarily “intended target” you can easily get malicious code (software) loaded into your browsers/computers, which in turn puts you at risk.
In short: DON’T use HTTP without encryption if you care about your privacy and security.
QUICK FIX (which doesn’t solve this problem entirely but it is way better than the current state):
Use the modified script from this user. Open your Tampermonkey add-on Dashboard and navigate to the Stroke Order Diagram script. Then replace the script with the one from the link above (it has a .TXT file attached).
This loads the images through a Content Delivery Network (CDN) which basically caches the images and delivers it to you through httpS (means: encrypted). Since the CDN knows it wants to deliver images it (hopefully! xD) sends you correct images and not malicious scripts. I think we can trust a CDN with this.
@looki Please consider fixing this problem in another way or maybe update your current public script with the one above? Thank you so much for your efforts!
(Btw., one could alternatively use the userscript from @atzkey, which uses a locally installed font (currently) and therefore doesn’t have this issue. But the presentation of the stroke order is a matter of taste, of course. )