
So far Cloudflare have generally been good guys on the web. They're in an incredibly abusable position, but so far have refrained from doing that.

So far.

The problem with Cloudflare is that institutions change over time. It's a slow process, doesn't happen overnight, but it does happen to almost all of them sooner or later. Building institutions that stay good is one of the big unsolved problems for humanity.

The problem with Cloudflare is what happens the day this good guy MITM-ing half of the web is no longer a good guy. We need to at least have a plan for dealing with this scenario, because otherwise this could get very ugly.

I've got a treat for you: Cloudflare's business model moved heavily towards crime as a service during the last decades, including DDoS botnets that host their own CnCs behind Cloudflare, while themselves even relaying Cloudflare DNS data to DDoS Cloudflare instances itself.

The guy behind Crimeflare, when it was still available, tried to accumulate a dataset by running his own resolver, which filtered out domains in the zones of Cloudflare's known ASNs.

This was actually also part of a lawsuit against Lieferando (Takeaway), because they're registering domains of restaurant owners and blackmailing them into using their delivery service, after they already registered the Google business entry with that Cloudflare domain to a call center of Takeaway, so the actual owner of that restaurant has no chance in terms of SEO and Google searches that people would find them again.

Anyways, the dataset is pretty fascinating:

[1] https://web.archive.org/web/20210826102143/http://www.crimef...

[2] https://web.archive.org/web/20210826103036/http://www.crimef...

Let's see what we discover during the next NSA leak.

You can probably safely assume the 3-letter agencies are snooping on this data. It is and has always been very hard to resist government pressure. Happens all around the world, China, Russia, EU; all the geopolitical players find various means of eavesdropping where they can.

Also likely part of why ECH is taking such an incredibly long time to see widespread adoption, and why it's still quite a shit solution to SNI. As it stands, anyone with network-level access can see which websites you are visiting, despite HTTPS.
