The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.
The thought of willingly passing passwords in clear text is quit disturbing for a security concerned member (me). I can counter the PM issue as I do elsewhere by using GPG'd PMs, which are encrypted and decrypted ONLY locally on this end as needed. At some sites I only respond to PM's where both sides have good OPSec using GPG on messages. Is there any chance that bitcointalk could counter assault this huge password weakness by allowing U2F keys for members? Even cloudfare can't do shit about getting around an encrypted key from a member's U2F and the site server? I am not asking you to require U2F just allow it for those that are security concerned. With the price of BTC and users that have been in the game for awhile the risks of doing stuff in "plain text" during logins is not Plan A by any means.