Cloudflare terminate TLS on their edge allow them see all traffic on connection and use those info to cache. (and who knows where else)
business plan or up allow you to upload custom certificate, but I don't think you will want that.
There is no other way for them to serve your content securely.
Whether that is an actual problem, or not, is debatable; It depends largely on your confidence in their security and the security you expect on the content you serve.
In case it hasn't been made obvious to you yet, all such CDN systems are in essence a MITM (by design).
READERS: Get involved and participate: If you read something you like, then click to like it