piuk, you shure you want to have your site behind cloudflare and let them do an authorized MITM on your users?
Putting your site behind cloudflare is throwing away all the security you've built.
At the moment there isn't any other choice. The datacenter blockchain is currently hosted at simply doesn't have the infrastructure to handle a ddos attack that size.
But cloudflare could still not access the private keys if one is using the plugin, right? Or could they still inject malicious javascript?