I think concerns come in two flavours:
- Privacy/security: Cloudflare terminates HTTPS, which means they decrypt your data on their side (e.g. browser to cloudflare section) then re-encrypt for the second part (cloudflare to server). They can therefore read your traffic, including passwords. Depending on your threat model, this might be a concern or it might not. A counterpoint is that Cloudflare helps protect your service from bad actors, so it could be seen to increase security.
- Cloudflare is centralised. The sidebar of this community states "A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.", and Cloudflare is for sure a service you don't control, and arguably you're locked into it if you can't access your stuff without it. Some people think Coudflare goes against the ethos of self-hosting.
With that said, you'll find several large lemmy instances (and many small ones) use cloudflare. While you'll easily find people against its use, you'll find many more people in the self-hosted community using it because it's (typically) free and it works. If you want to use it, and you're ok with the above, then go ahead.