Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?
When I visit one of the sites I manage, that goes through CF (my personal ones don’t), I see that the certificate that the browser sees is one provided by CF and not the one that I create using LetsEncrypt.