@jubes when a small company outsources to CloudFlare, they're often over-estimating the threat of outsider attack while under-estimating the threat of CF compromise (cloudbleed or CF exploiting the data). And if the threat manifests into a DoS attack, admins usually aren't aware that CF is non-gratis for high traffic.