[thom-gtdp]

Yup Workers has similar risks as Tunnels. Cloudflare Pages isn't the same threat as Tunnels, as Pages only gives CF public data access. On Pages you trust Cloudflare for not altering the data served, while on Tunnels you trust CF for handling secret data. I actually don't really have a data residency / DPA / SCC policy because I was considering using Tunnels for my homelab only

[andy_pl]

Right, the Pages vs Tunnels split is real — different threat surfaces. For a homelab the GDPR/SCC scaffolding doesn't apply; the practical question becomes "do I trust CF more than my own ISP for opportunistic snooping," and on that axis CF's incentive structure is reasonably well-aligned.