[Question] CSRF cookie for ajax
#2

(This post was last modified: 02-13-2016, 03:40 AM by PaulD.)

Putting JS in an external file will make no difference as you can just as easily view these as anything else running on your browser.

You have a few approaches here.
You can make the CSRF regenerate on each usage. This is more complex for Ajax as you will have to write the new cookie information somewhere as part of your ajax call.
You can remove the CSRF from the Ajax, and authorise the user in a different way.
You can encrypt the cookie data (if you need to).

You cannot hide the name of the cookie, but the point is that the contents of the token are matched to a value kept on the server (files or database) so that only a page generated by the server can submit the form. It is not intended to authorise a user or be used for authentication of roles and permissions, etc.

Finally, if it is a concern, you should also run some sort of process to prevent multiple edits within a fixed time period.

Really though, the level of security you need to implement is highly dependent on what exactly the data is doing, who it is for, the consequences of misuse and the whole point of the site/page functionality. For instance, if you are just calculating someone's age on Jupiter, then security is not really an issue in terms of misuse compared to if you are letting someone access their account details and edit their orders.

Hope that helps in some way,

Best wishes,

Paul.

PS: I would never make something editable without knowing who the user is via login/membership/authorisation processes. In that case, the functionality of CSRF is perfect for ajax, especially if it regenerates on each usage. If you are taking public anonymous input then you have to be much more careful about sanitizing and controlling user input.


Messages In This Thread
[Question]CSRF cookie for ajax - by spyrosjevan - 02-12-2016, 11:34 AM
RE: [Question]CSRF cookie for ajax - by PaulD - 02-13-2016, 03:33 AM


