AFAIK, if content is served over HTTPS, a CDN has no way to intercept that data.
I'm no expert, but this is what theymos wrote (and there are more interesting posts in that topic):
What I meant is that Cloudflare can see your unencrypted password when you log in. It's still encrypted from the real server to Cloudflare and from Cloudflare to you. So it's not blatantly insecure except in that Cloudflare is very probably an NSA honeypot.
Theymos said it because BitcoinTalk is using an SSL certificate issued by CloudFlare. But what I am suggesting here is that CloudFlare or some other CDN be used to mitigate DDoS, not for the SSL certificate. If the SSL certificate is obtained from some other issuer, then traffic is encrypted from host to browser and vice versa. In that case, does CloudFlare have any way to read the data?
Moreover, as it seems from the public record, ChipMixer is hosted either on 45.76.91.219 or on some IP behind it. How difficult is it for a government to grab the hosting provider and enforce logging of all data in the background?