While I tend to agree with all of your post, I also have to admit that as a service provider it's nice to be protected from malefactors. If I had to point to the moral problem here its not Cloudflare's existence, but rather the lack of awareness that service providers have about the trade-offs they are making - very similar to the problem we have with "free" services like Google Analytics, or CDN hosting. In each case the programmer is trading away end-user privacy on an ongoing basis for transient developer convenience and a slightly cheaper-to-operate runtime with more failure modes. It's usually a bad trade, I think.