Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?
Don’t forget, for selfhosters, the value proposition of free is always pretty strong. I have tiers of data and not everything needs to be super private at all times.