It seems to me that you underestimate the ability of MITM attacks on your traffic. When Cloudflare MITMs your traffic, they can do anything with it. I mean, really, really anything. Generally speaking, nothing prevents them from MITMing your "second layer of encryption as well as the first one" and sending a fake public key for your ECC to the user. They can also remove the ECC encryption entirely. Theoretically, after that they can even send a fake bitcoin address to the user and seize the BTC the user was going to mix (although in reality, I doubt they are ready to act so openly yet).
I know Cloudflare can change the site's content, but I'm genuinely curious - does anyone know of an instance of them doing such a thing? I'm sure they watch user transactions on various sites, but I do wonder if they've actually ever modified a site against the owner's consent. They're a public company, so I would think that it'd be possible to find some info on whether or not they've done such a thing. I'm leaning towards thinking that they probably never have modified a site because it'd cause such an outcry if they did, and they'd lose thousands or even millions of customers. Any insight from anyone?