[phyzome]

Yes, TLS termination is something that people get wrong, but there are other ways of decreasing that risk than to hand off the task entirely to someone else.

And yes, if AWS were compromised, that would suck. But right now a lot of CloudFlare sites are backed by AWS. So now their traffic is at risk in two places, not just one.

I don't tend to use cloud providers, no. I self-host some stuff out of my house, with reliance on DNS and CAs being the major points of "correlated risk". I use S3 for serving some public files.