If you paste some HTML source into TinyMCE containing a script tag with src attribute, like:
TinyMCE will strip the src attribute and leave <script></script> there.
This happens for all users, including those with trusted content capability.
I believe this is a bug because:
a) Moodle 1.9 used to allow this, and it's necessary for embedding things such as twitter widgets, etc into HTML blocks.