Particular to India, Cloudflare edge data-centres use Airtel network — which is notorious for using MITM for arbitrary bans. If cloudflare fetches your site without SSL then Airtel can and does block it and even inject ads; this is regardless if you use cloudflare's https to serve content to your clients. More info here [1], and hn discussion here [2].
This has nothing to do with Cloudflare, though. If you use HTTP instead of HTTPS then you are at risk on any network (India or elsewhere) of the things you describe.
This is a more subtle point about how cloudflare's flexible ssl works. The linked post describes a situation where the end user sees the ssl padlock, but the traffic is still getting MITM'ed between cloudflare and origin because it is not over https.
There's no reason to use Flexible SSL. Cloudflare will support any certificate on the origin server (e.g. Let's Encrypt if you don't want to pay someone), or will give you a free "Origin CA" certificate.
Yes, that's fine. The problem is offering flexible ssl in the first place. It is not the end user's job to verify if the traffic between cloudflare and origin is encrypted.
[1] https://medium.com/@karthikb351/airtel-is-sniffing-and-censo...
[2] https://news.ycombinator.com/item?id=12091900