In case of other mixers using CloudFlare, CloudFlare knows your input address and output addresses. In our case, if we would use CloudFlare, CloudFlare would know input addresses and private keys. CloudFlare is US company so it is reasonable to think that any three letter institution could get an access by court order.
Holy shit I absolutely forgot about the private keys. Those would indeed fall into CloudFlare's hands as well. Not only that, just imagine something like Cloudbleed happening again. That'd be disastrous.
* cloudflare has 2 SSL "modes": flexible and full. For an enduser, it's allmost impossible to tell wether the site he's visiting is using full or flexible SSL mode. If a site is setup with the flexible SSL mode, it is possible for your data to be encrypted between your computer and cloudflare, but unencrypted (over port 80) between cloudflare and the server. So, if everything is setup correctly (full ssl mode), there is no problem, but if the admin was lazy and setup the flexible ssl mode, the user might never know his data is being transferred unencrypted.
[...].
That's why every dev team needs "that paranoid guy" making sure that shit like that doesn't fly