> I didn’t actually see any security benefit to outweigh the privacy loss
The main thing is being able to hide your origin IP address. That turns many types of DDoS attacks into CloudFlare's problem, not yours, and it doesn't matter that you're on the free tier[0]. If you firewall to only allow traffic from CF[1], then you can make your services invisible to IP-based port scans / Shodan.
CloudFlare isn't a magic-bullet for security, but, used correctly, they greatly reduce the attack surface.
Whether any of that is worth the privacy / security risk of letting CloudFlare MITM your traffic is up to you.
The main thing is being able to hide your origin IP address. That turns many types of DDoS attacks into CloudFlare's problem, not yours, and it doesn't matter that you're on the free tier[0]. If you firewall to only allow traffic from CF[1], then you can make your services invisible to IP-based port scans / Shodan.
CloudFlare isn't a magic-bullet for security, but, used correctly, they greatly reduce the attack surface.
Whether any of that is worth the privacy / security risk of letting CloudFlare MITM your traffic is up to you.
[0] https://news.ycombinator.com/item?id=21170847
[1] https://www.cloudflare.com/ips/