cloudflare's "flexible ssl" option encrypts the connection between their datacenter and the user, but not the one between the datacenter and the actual web server
i guess it's better than nothing if your host doesn't support ssl but the false sense of security could be harmful
[1] https://news.ycombinator.com/item?id=11726766