
There are several problems with it:

1. The certificate is not generated by you (in the Free or the Pro plan) but by them, and these certificates are for multiple domain names. So you end up sharing your certificate with other domains / websites of dubious nature that are also on CloudFlare's network.

2. CloudFlare only secures the connection between users and the CloudFlare network. It does not secure the connection between CloudFlare and your hosting service, unless your hosting service also supports TLS/SSL connections and you activate their Strict SSL option.

For the purposes of hosting a project website, secure connections are more important than ever due to the potential of external attackers, which could very well be a government institution, to infect distributed binaries or source code. Instances like XcodeGhost will become more common imho. And a secure connection between your user's browser and your hosting server is not 100% secure, but it's a good start. And towards that purpose CloudFlare Free in front of GitHub Pages isn't very good ;-)



Why is #1 an issue?


I've been wondering about this. I share mine with several shops that appear to be selling low-schedule drugs on the clearnet.

Don't know what the implications for that are, except that someone poking around the validity of my SSL certificate will establish that mine is a free tier Cloudflare one.


If a domain that you share your certificate with has their certificate revoked or is blacklisted for any reason, this could have a negative impact on you.


It's a single certificate that never leaves CloudFlare's hands so revocation seems unlikely and they'd manage it for you if anything came up.



