Subscribing to Cloudflare (from its website) means changing your nameserver IPs and your web server IPs.
Many people don't understand issues related to using the Cloudflare service:
Those people who want to hide:
In fact, Cloudflare is used by many people who want to hide the IP of their web servers from local authorities, governments or customers. That's why the Russian government threatens to block all the websites hosted on Cloudflare. Cloudflare at some point didn't cooperate with the Russian authorities and refused to provide the real web servers IP behind Cloudflare who violated the Russian law.
As governments become more and more efficient at blocking websites, we may see in the future this kind of issue coming back in other parts of the world. I will not talk about the moral aspect of it but from an IT decision maker point of view. If you have a clean website on one IP from Cloudflare you may suffer from a government decision to block the Cloudflare IP ranges which are public on the Cloudflare website.
Subscribing to the free Cloudflare service means getting a new IP address for your server. It is very much like migrating your website to a shared hosting website since many other websites that use Cloudflare also use the same IP address than you. Since the Cloudflare service is open to everybody several of those websites can be spammy. In SEO, this is what we call bad neighborhood.
You grant all powers to Cloudflare:
Since you use the nameserver from Cloudflare and a Proxy IP from Cloudflare, Cloudflare is the almighty who can do everything. They can stop access to your website. They can slow down access to your website too. They can inject code inside the code of your webpage thanks to the proxy. By the past, the app. smarterrors was a feature that was on when subscribing to Cloudflare. This feature replaced your 404 page by Cloudflare 404 page. So, in this case, it was the crème de la crème in terms of power delegation. They replaced your own pages with their own pages.
Also, they can spy on everything that the visitors send in clear to your web server. At the end, it is worth than giving your house keys to the NSA.
One more weak point:
if for some reasons the Cloudflare service is down, your website is also down. Are Cloudflare benefits offsetting this plausible scenario? From time to time, you may see an error 522 issued from Cloudflare when your website isn't available. In this case, you aren't able to know whether the issue come from Cloudflare or whether it comes from your web server.
Even if the downtime is short, on a yearly basis downtimes related to Cloudflare can be significant for online businesses.
Unfortunately, the DDoS protection service of Cloudflare is unclear. It is only a drop down menu defining the level of protection but it does not say anything. On the other hand, there are Anti DDoS techniques that are published and used to face DDoS attacks from a firewall. By the way, and unfortunately, i have seen a website that has been taken down with a DDoS attack even if they used Cloudflare.
From a technical point of view, Cloudflare is the best CDN. The IP addresses from their network have very good reputation. They are considered generic for Google rather than country specific. Also, their free service is pretty reliable for a free proxy.
It is also a DNS server free service:
Since Cloudflare is also DNS free service, it is possible to minimize the pressure on your own DNS server and use cloudflare as a DNS server since it is possible to put the cloudflare nameservers on behalf of your nameservers.
Even if they provide good services from a technical point of view, the different issues related to the Cloudflare network model highlight that it may be better to stay free and have a longer ping & handling your DDoS protection yourself rather than giving everything to Cloudflare.