I am a little confused on what the concern is. AFAIK, Google, et al, do not execute Javascript when they visit your website. Am I missing something?
When Google scans a page, it looks at all links, embeds, etc. It will see the script address for the embed. After they decide that the script is taking up too much CPU (user reports and whatnot), they will flag it as malware. Any page that embeds the script will also be flagged as malware. This can lead to things like pre-visit warning dialogs within the browser.
Hiding the script, along with any related content, from bots such as Google is the only way to prevent a page from being flagged.
That is not true as far as I know. I promote websites for a living.
The only way a site can be flagged as malware is if it attempts to load any known drive by downloads to a special malware crawler.
If they deem forcing a user to mine bitcoins malware (which they might) then it would wreak havoc with one's website.