[throwawaysed]

Cloudflare is unquestionably a source of pure, unencrypted traffic for the govt.

Does anyone remember a few years ago when Google found out through leaks that the govt was wiretapping it's private traffic between datacentres?

What makes you so naive to think that the govt isn't sniffing every single page on cloudflare?

[Bartweiss]

A 'counterpoint', such as it is. What makes you think that isn't happening to any 3rd party host you can name? Why single out Cloudflare as adding risk to sites that are hosted on AWS already?

The risk here is real, but it's much more pervasive than one data handler.

[jacquesm]

You seem to mis-understand how cloudflare works. They allow an insecure host to pose as a secure one and the traffic between cloudflare and the insecure host is not encrypted.

That problem would not exist on 'any 3rd party host'.

[manigandham]

CF is the same as any other CDN with TLS termination. Every host that provides a load balancer, or a server, or some other internal network connection like a VPN, can be compromised. Cloudflare is nothing special in this regard.