This explanation makes sense, thanks! I mean, other than the fact that you're still trusting Cloudflare not to mess with the data, since it's terminating SSL =) But I agree that makes this somewhat cleaner from the client's perspective.
As a visitor to the site, I need to decide whether or not to trust the site's operator. As the operator of a site, I need to work out which vendors I can trust. Cloudflare takes the role of a vendor here; it's exceptionally common for vendors to terminate SSL. And it's quite challenging to run a CDN without access to the plain-text request.
Cloudflare at least offers mutual TLS from the edge to your origin; I've yet to persuade either of the other major CDN vendors I've worked with that they should offer that feature. They've also pioneered the rather nifty ability to terminate TLS on a node that doesn't actually have direct access to the certificate it's using, which I'd quite like for some other use-cases.
None of which is to say that you shouldn't have any concerns about Cloudflare, but on the other hand if you're that worried then at least the server operators using Cloudflare are giving you a heads-up that you maybe don't want to trust their judgement?
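To make the edge-to-origin mutual TLS point above concrete, here is an added nginx origin configuration (not from the thread or from Cloudflare's documentation) showing the weak setting beside the hardened one. The CA bundle path `/etc/ssl/cdn-origin-pull-ca.pem` and the hostname `origin.example.com` are placeholders; the CDN vendor's actual origin-pull CA certificate and how to enable the feature on their side come from that vendor's documentation.

```nginx
# Weak: the origin serves TLS but accepts any client. Anyone who can
# reach this host directly gets the same content the CDN edge gets,
# so the CDN's WAF, rate limiting and access rules can be bypassed.
server {
    listen 443 ssl;
    server_name origin.example.com;          # placeholder hostname

    ssl_certificate     /etc/ssl/origin.crt;     # placeholder paths
    ssl_certificate_key /etc/ssl/origin.key;

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}

# Hardened: the origin requires a client certificate issued by the
# CDN's origin-pull CA. TLS handshakes without a valid edge certificate
# fail before any HTTP request is read, so only the CDN edge can talk
# to the origin even if its IP address is discovered.
server {
    listen 443 ssl;
    server_name origin.example.com;          # placeholder hostname

    ssl_certificate     /etc/ssl/origin.crt;     # placeholder paths
    ssl_certificate_key /etc/ssl/origin.key;

    # Placeholder: CA bundle that signs the CDN edge's client certs,
    # obtained from the CDN vendor. 'on' rejects connections that do
    # not present a certificate chaining to this CA.
    ssl_client_certificate /etc/ssl/cdn-origin-pull-ca.pem;
    ssl_verify_client on;

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
```

The check a practitioner wants after deploying the second block is that a plain `openssl s_client -connect origin.example.com:443` with no client certificate fails the handshake, while requests routed through the CDN still succeed; `$ssl_client_verify` can be logged in nginx's access log to confirm every served request carried a verified edge certificate. Note the caveat from the thread still applies: this authenticates the CDN to your origin, it does not stop the CDN itself from reading the plaintext it terminates.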