Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?
Beyond what everyone else has said here about it being practically an industry standard now with insane levels of trust, it also foists a lot of the responsibility for security/uptime onto an external company with a good track record. That’s great in the eyes of product management and likely the legal department too.