>At least with server-side insertion on the site/apps own servers it gives them more control (and forces them to take responsibility). If they serve a malware ridden ad from their own resources then they are responsible, no one else, and had the control to not do it. They are no longer trusting a 3rd party to be safe without having any audit rights to make sure they are.

You're greatly overestimating how much publishers care about security. If they're already willing to embed arbitrary scripts from ad networks (which has full access to the page), why wouldn't they go one step further and proxy it from their servers? It's not like it's giving additional access. I also don't buy the "additional responsibility" aspect. At the end of the day, it's still an ad network, and unless they're manually approving each ad, the risk of malware/scams isn't going to change, and if they happen to display such an ad, they can still deflect blame to the ad network.