Wait, Cloudflare has access to all decrypted data on the server end of https sessions? So Cloudflare employees or employees at data centers that cloudflare uses have access to all Bitfinex, poloniex etc passwords? Completely irresponsible if so, regardless of cloudbleed bug. They are basically selling user security for 30 shekels worth of traffic reduction.
Cloudflare acts as a reverse proxy and has access to all data that passes between the server and the client. Keep in mind that that is also the case for sites' hosting providers, including those that don't use Cloudflare. Aside perhaps from running the servers in your basement, which is neither practical nor cost-efficient, it's not possible to completely avoid trusting a third party.
