If you rely on any third-party for data processing/storage, you're accepting some risk of them being compromised.

If you use CloudFlare/Akamai/Cloudfront/etc. as a CDN, a hacker could view your site's traffic.

If you use G Suite/Microsoft 365/etc. for email or document storage, a hacker could access your corporate documents and communications.

If you use EC2, Azure, or GCE, a hacker could access your storage buckets or dump your VM's RAM.

It all comes down to your threat model. Is your threat model such that you absolutely can't trust any third party with your data? If the answer is "yes" then you should completely self-host and not use a CDN or anything similar. (I.E. an email provider that specializes in providing services to whistleblowers/political dissidents should definitely not use CDNs or public cloud providers.)

But for most businesses it's an acceptable risk, especially since these giant tech companies probably have better security than they do themselves.

For anything but the smallest website, the first server a TLS connection hits is not going to be the end point of the connection. There will be caching, proxying, load balancing, etc, happening, and that will often result in connections that leave the datacenter. There will be decryption and rencryption (hopefully!) happening many times.

I don’t see why CF is any different than these other processes. I am also confused as to why you think CF is so much easier to infiltrate than say, a CA.

Do you think the same about Amazon's ELB (and it's Google/Azure equivalents)? They all are set up by the site owner to sit between user and server and decrypt TLS.