Apologies in advance for what is probably a very stupid question, but wanted to confirm something: happened to notice the CN on the SSL certificate for https://vault.bitwarden.com/#/ was made out to sni.cloudflaressl.com rather than bitwarden and had a momentary freakout where I thought I was the subject of a MITM attack. (Q1) Is this just an artifact of Bitwarden utilizing cloudflare CDN services? (Q2) If legitimate, for the cloud version, doesnt having a CDN serve content and sit between the bitwarden servers and the end user mean they handle/see all the data trafficked from point a to point b? Isn’t this a vulnerability?
Given that Bitwarden is open source and has been 3rd party audited, I know I’m missing something obvious here, just not sure what.