Regardless of whether or not you provide your own SSL certificates, Cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?
It is, but for a different issue.
Every CA you trust can create certificates for every site. If you trust, e.g., the NSA CA, they can create a certificate for gmail.com and put a MITM between you and gmail.
The EU is planning to force browsers to add their backdoor CA.