End-to-end secure, but only against passive attacks. Cloudflare "Full SSL" (as opposed to "Strict SSL") does not verify the certificate presented by the origin server, so someone sitting between Cloudflare and your origin can still MITM the connection without detection. Strict SSL does not currently work with GitHub Pages, because "*.github.io" certs do not match custom domains.
We're working on making Strict mode work better in such situations.
For example, if the origin server presents a certificate with a SAN for *.github.io and you have a CNAME to yourusername.github.io, this will (soon) validate as Strict.
That's great news! I've been hoping Cloudflare would allow customized cert validation (i.e. the user specifies a domain name to verify against, in the control panel). At least the improvement you mention will increase compatibility with GitHub Pages and others.
It is end to end but CloudFlare does not verify the identity of the origin server. The only equivalent option would be "Full SSL (Strict)", which is not free.
That is simply untrue. Full SSL (Strict) is available on all plan levels including free. There is no charge for it. In addition, if you don't have an SSL certificate on your origin we'll give you a cert for free as well: https://blog.cloudflare.com/cloudflare-ca-encryption-origin/
I believe Strict SSL is free on Cloudflare's side, but GitHub Pages does not work with it because it does not present a matching and valid certificate.
https://www.cloudflare.com/ssl/
https://github.com/isaacs/github/issues/156#issuecomment-110...