Thanks everyone for your comments and concern on this topic!
Cloudfare (or a similar service) is a critical part of making infrastructure scalable and reliable for services like Bitwarden. It’s also leveraged for functions that allow us to protect our services from outside attacks, etc.
As far as Cloudfare getting into your vault, that’s not quite true. In any worst case scenario they could not decrypt vault data without your email and master password, and a few other pieces of the combination that are not the same as what is used to authenticate your session.
TL;DR - we use Cloudfare to bring a reliable cloud service to end users and take every precaution for security within our power. We do understand that this is not enough for some, and thus why self hosting is a huge part of our service model.