Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?
Let’s remember that Cloudflare is engaged in business with USG, so if they were doing that kind of nefarious stuff, it’d result in a bad time for a whole lot of folks.