It's good to see CloudFlare continuing to embrace security as it evolves. I saw the AMA Matthew Prince did where he said he was concerned about ICANN giving control to the UN, which is a bigger deal than most admit, and he also said he was against regionalization of the net, another issue that doesn't get enough attention. Keep up the good work.
I know one thing I would like is Cloudflare doing something magical with Sub Resource Integrity.
Maybe if the source HTML specifies a SRI string, check that the hash in the HTML matches the hash of the resource before allowing it in your cache for that website. If it doesn't match, don't cache that resource and don't serve it.
This would allow sites to enable and enforce SRI without browser support.