Among other possible criticisms, they hold too much power. So much of the web is behind their walls, if let's say you couldn't access them or decided you didn't want to communicate with CF, huge portions of the web would become off limits.
Unfortunately, as in math, there are such things as unsolvable problems. Unless and until everyone's running a bunch of formally verified OSes that can't be converted to botnets you have to pick your poison. I won't pretend it's a solution though, it's trading one problem for another. Who can say which is worse.
How big is the threat, though? What can even happen if someone takes control over Cloudflare? What if Cloudflare is malicious, what could they even do before people catch on it?
I agree centralization is bad, but with Cloudflare (compared to Google), their main business model is this specific service (CDN, security, privacy, etc.). If they don't accomplish it, their business will die.
I wasn't even really thinking about the security issue on their side. My concern is they end up in cahoots with the government who gives them a list of political dissidents who then get blacklisted from half the web which people will jump to defend with "They're a private company, they can do what they want!"
That's a good point, I didn't even consider that side, I was thinking more about the security part for either the user or Cloudflare, not the political part that, as you mentioned, it gives too much power to control the internet.
That being said, if such accusations turn out to be true, then the reputation of Cloudflare should quickly degrade over time and people will stop using it.
