So I recently started using the free Cloudflare plan for my website to provide any sort of protection. And I noticed that, given they do the whole "We'll accelerate your website by caching parts of your pages!" they need to MITM the connections to your server, even if you were using HTTPS.
I understand why they do this; I mean obviously they need access to the actual web content so they can determine what to cache. But it still got me a little bit concerned. This is how a connection to my website works now:
User---Cloudflare HTTPS--->Cloudflare>---My HTTPS--->My Server
Based on this, even though you're using SSL, Cloudflare does have access to the unencrypted content. This includes any type of login data sent to/from the my server which, under normal circumstances, would've been end-to-end encrypted from the user to my server. Now that Cloudflare has access to that data, do people worry about the "malicious Cloudflare employee who steals the login information"? Or do we just trust Cloudflare because it's "just too big to fail"