Does Cloudflare have the same sort of legal restrictions that Comcast or other ISPs, which are regulated by the FCC, have? [PS this isn't a rhetorical question. I'm genuinely curious]
I understand that the current FCC is basically intentionally toothless, but that wasn't the case a few years ago, and doesn't necessarily need to be the case a few years from now.
Even Tor isn't great for plaintext HTTP, as it requires you to put an anonymous, unaccountable middleman (the exit node) between you and the internet. The fact that that middleman doesn't know your real IP address is little comfort when they can read and modify all data you send over their connection.
Granted, it's not too bad for Tor browser, where all browsing sessions are strictly anonymized and JavaScript access is heavily restricted so MITM attackers are limited in what they can do provided you never transmit anything sensitive or download any files over plaintext, but for general purpose browsing I definitely wouldn't recommend it (even ignoring the performance issues).
Consumers have, numerous times, rated Comcast as the worst or least trustworthy company in America. Cloudflare need only convince consumers they are more trustworthy than a company like Comcast. That shouldn't be too hard.
It may be the case that people in other regions have different concerns that nevertheless are addressed by the same sort of technology. For instance, other people may want a way around government mandated pornography blockers, local ISPs with their own bad reputations, etc.
Of course if somebody has none of these concerns, the Firefox Private Network is optional and they can decide not to use it.
The proposition for VPN or proxy services makes most sense when you don't trust your home/mobile ISP (a good portion of the world is in this situation) and for public wifi, which is increasingly managed by companies like Zenreach and Facebook with the goal of silently tracking where users go to provide "insights" for business owners and targeted advertising.
Simply connecting to these hotspots opens you up to location tracking unless you're able to randomize your MAC address, but after you connect it seems like common sense to prevent these companies from harvesting your browsing data as well.
Independently of what they may or may not have done, Cloudflare is one company. Tunneling everyone’s data through one company creates an enormous concentration of power, i.e. putting all the world’s privacy eggs in one basket, so to speak.
You need to consider that the status quo is "send all your browsing data to everyone, in cleartext".
(where "browsing data" is defined in both cases by the contents of DNS requests)
At minimum I'm more likely to trust that Cloudflare will uphold their contract with Mozilla than that my ISP (Spectrum) isn't happily selling out my browsing data -- and the ISP, unlike Cloudflare, knows my name and address.