It's a cash cow for everyone, but especially for bad guys.The same situation exists for anyone who needs a throwaway email address that's nearly impossible to trace.
on the use of SSL by Cloud Flare and similar services.
The Cloud Flare certificates we found all had the common name in the same style as the "ssl2796.cloudflare.com" shown in that Netcraft report.
There is no such thing as "secure" SSL when you have potential Men-In-The-Middle at scores of data centers around the world.
Local authorities could be sniffing the plaintext available at these data centers, and Cloud Flare wouldn't have a clue.
Then they scrape your zone file from whatever dubious nameservers are listed at your dubious registrar.
Without asking, they assign you a dubious "universal" SSL certificate.
The "ssl2796" in the name is a Cloud Flare tracking ID in the 136,535 root domains we found that use "standard" (not "universal") Cloud Flare certificates.
Every root domain also has a subdomain wildcard line (*.example.com), which we deleted to save space.
All you need for a free Cloud Flare account is a domain and an email address.