If you say you didn't catch them on spoofing your website, I can believe you. If you say you've never heard about them altering the contents of a single http request, this still sounds plausible because it is hard to detect such alteration. But if you say you've never heard about them cutting off pieces of webpages by breaking some of the (many) http requests a browser makes when it loads a (single) page, thus also damaging webpages' integrity, I will not believe you. Cloudfare does this all the time, and this is easily detectable by looking at the list of http requests and their results in "web developer tools" in a browser.

Your website doesn't have to be even the first case of altering the contents of a single http request. If you don't know about such precedents, this doesn't mean they don't exist. They may just stay completely unnoticed if the admins of those previous websites don't access them from various IPs.

This is better than what you said before "automatically shut down the clearnet version" (without any plans for the future), but still, the only price for cloudfare we are sure about is just one website leaving them. You are taking for granted that this is "the complete opposite of 'not too bad' for Cloudflare", while this is doubtful to say the very least, especially given the fact how obviously they damage other websites, as I explained two paragraphs above. What's worse, you put your users safety in dependence of the actual validity of this claim that you just take for granted.

I'm not ignoring anything, it's just you pretend I'm ignoring. As long as cloudfare has 0% false positive, their attack does not contradict your observations you describe here. Once 1% false positive happens, your observations will not anymore be the same as you described here until now. But this alone does not yet mean that 100% accuracy is necessary for cloudfare for all the time in foreseeable future. In simple words: they could have some luck so far.

Unless your server is closely monitored by a third-party, you will not have undeniable proof for anyone except yourself. Cloudfare can claim that it were you who put the damaged files at your physical server, and you will not have evidence it wasn't there. And if someone else independent closely monitors your server and can witness that the files there were not changed, this is even worse, because this third-party access is also a danger for the security of your users.

It is relevant: absence of remote access and distance from your physical location means lower a priori probability for cloudfare that you are testing them, they can rely on this information.

Again, it is possible. At some point cloudfare might get caught, but before that they will have already collected a "large scale" of users' data.

You can call my criticism "invalid" as much as you like, but I still can (and do) warn other users about the risk of their data being accessed by cloudfare.