This is a common concern, but in reality, it does not mean anything. "Sharing" your cert with a weird site is similar as taking the same bus route as someone who is bad.
From a security standpoint, there is little to no risk. Worst case scenario one of the other sites is doing something that results in the cert being revoked... and I imagine CloudFlare has a way to just move you (and everyone else) onto another cert seamlessly.
I dunno, it _mostly_ doesn't mean anything, but the day I discovered my site hostname listed next to phishing and porn sites was the day I didn't want to use CloudFlare's free certs anymore. Sure not many people will see the SANs on a cert, and there's nothing wrong with porn using SSL, I just don't want to cobrand with them. :D
Hah. I really should read usernames before responding.
I actually know of your competitor (fly.io, right?) and am giving it a test for something I'm working on that needs the hostname support after Cloudflare got me legging it when they said their hostname system was for the Enterprise plan.
From a security standpoint, there is little to no risk. Worst case scenario one of the other sites is doing something that results in the cert being revoked... and I imagine CloudFlare has a way to just move you (and everyone else) onto another cert seamlessly.