This is a valid use case for providing some level of security for sites that may not be able to host TLS certificates. The theory is that most of the threats that need protecting are on the client side rather than the server side. This isn't perfect, but at least the traffic from the client to the Cloudflare edge is secured.
