Comment by Karupan

This is huge and CF is certainly downplaying the issue. To be clear, I think the kind of tech that they deal with is extremely complex, which makes it ever harder to test or uncover them easily. And they have been reasonably good with disclosures (prior to this incident).

When I was evaluating CF for a small personal app, I really thought hard about using a public reverse proxy and decided that it wasn't worth it for the scale I was dealing with. No one can predict these security issues, but I sure am glad I didn't go with them!