Offering free 'flexible' SSL is really good for the internet but using SNI SSL certs for multiple businesses the way Cloudflare does has somewhat of a security risk. Cloudflare shares certs for multiple domains at a time. One of my domains was shared with 10 other sites when I check on https://www.ssllabs.com/ssltest/. If one domain gets their SSL cert compromised (by whatever means), it's safe to assume the other 10 will be as well.
This is a (mostly minor) security risk worth considering these days when not only are CAs semi-centralized but so are the certificates.
You're misrepresenting what happens. Cloudflare is not using SNI: it is simply creating a certificate with multiple domains in it; contrary to popular belief, SSL certificates can be valid for multiple disjoint domains through a field called SAN (subject alternate names). So a single certificate served by a single IP on a SSL terminator can be valid for multiple domains, without having to use SNI. They probably have some custom agreement with their CA (GlobalSign) for the economic part and for the fully-automatic provisioning based on their control of the nameserver (instead of the usual link sent to root@domain).
Another company doing the same is Google; they have a single certificate valid for all their properties (youtube, google.*, etc.), so that they can have a network in which SSL terminators are totally disjoint from the websites they proxy for.
As for the security, the certificates' private keys are fully handled by Cloudflare, and website owners don't get access to them. The security of a website sharing the same certificate of your website is immaterial for your security. You just need to worry that Cloudflare is not hacked, but that's part of the deal once you start using it anyway, it doesn't get specifically worse if you activate SSL.
I don't know if the TLS standard has some limit on the number of SAN, but there is a technical limit, because the certificate gets bigger and bigger (and thus connections slower and slower). Cloudflare probably has some per-certificate limit (e.g.: 100 domains) after which they simply begin creating a new certificate on a new IP.
I'm instead curious on how they plan to make SSL free for everybody by the end of the year. Possibly through SNI, but I'm not sure; I would say the CA cost outweighs the IP cost, but I'm not sure how the numbers for those services work out at CloudFlare scale.
There's no technical limit on the number of SANs. However, as you speculated, there is a practical limit. Our tests show that after about 40 SANs you start to get a performance impact. So that limits the number of domains per cert to ~20 (since we include 2 SANs per domain, root.com & *.root.com).
Answer to the free question: SNI + IPv6. Hopefully one more reason for people to adopt IPv6. And limited IPv4 space is a much bigger factor for us than the CA cost.
This is a (mostly minor) security risk worth considering these days when not only are CAs semi-centralized but so are the certificates.