Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?
Certificates is not safe either. Here you trust certificate authorities like Lets encrypt. Most Security comes from the idea that there is one person you can trust. With ddos protection it is cloudflare and for certificates it is Lets encrypt. Or who you choose