Banks shouldn't really use any CDN
Make everything internal, take the minor hit on page load times / traffic and remove one potential attack vector.
As for archive.org being the CDN - I expect some idiot release engineer or programmer just cut and pasted the url in without realising what they were doing.