Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?
Also…shouldn’t we talking more about self-hosting rather than privacy and efficiency issues? I think the topic is a moot point - either you feel that Cloudflare is ‘trustworthy’…or you don’t.
IMHO, it’s sorta like using Google’s Gmail for business purposes. Read the fine print - they can do whatever they want with your data, despite their privacy statements. Same goes with Cloudflare. You’re using *their* services on *their servers.
They have to lookout for themselves and the risks involved.