I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, [
]
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.
Thank you, theymos, for honestly disclosing and discussing the facts about Cloudflare. It is for exactly the reasons you stated that I filed
Tor Browser bug #24351: Block Global Active Adversary Cloudflare.
I usually dislike Cloudflared sites. Well, here is one run by someone who actually understands. What a conundrum! I suppose I simply wont send any data to this forum which I would not publish openly.
Good luck stopping the DDoS attacks; and I hope you can find a better solution someday soon.