I hope you don't mind me ranting a bit about custom domains
> Custom Domain Protection for Cloudflare Registrar, available on the Enterprise Plan, protects your organization from domain hijacking with exclusively out-of-band verification of any changes to your Registrar account.
This is what keeps me locked into Google and other services. I just can't trust my custom domain, if I'm targeted by any semi competent attacker it WILL be hijacked. That you're offering this service only makes my suspicions stronger. I want to use your services but that's a showstopper. It's not your fault, of course, all registrars face the same issues. You need so many different factors to make the process secure it's not even funny, and you said it yourself: "That, obviously, doesn't scale".
A few years ago one of my customers domain was stolen by contacting the registrar support (one of the big ones, always recommended around here). They even had a scan of his passport. With so many data leaks, even from your own government, how do you even protect against these kind of things? His life for the next few months were living hell.
All I can tell you is the 'custom' in Custom Domains refers to the idea that you can set whatever security policy you would like. That includes restricting who can change your domain to a list of people you can count on one hand who each have a personal relationship with you. If you want a policy which requires a photo of you with today's newspaper in it to change a domain, that's probably something which can be arranged.
Just to clarify for readers, this is the Custom Domain plan, which is the Enterprise version of the Registrar we are launching today.