The same situation exists for anyone who needs a throwaway email address that's nearly impossible to trace. Now add Cloudflare's free fly-by-night "universal" SSL. Almost everyone who browses an https domain reached through Cloudflare is unaware that just half of the route is encrypted. When they see the padlock on their screen, they feel that everything is safe. It's easy to use for a cybercriminal with numerous domains hidden behind the privacy services of various registrars.
This page is an excellent imitation of the Bank of America pages he remembers, and there is also that nice little SSL padlock in the corner of the address bar. Probably, because he doesn't realize that he's at a subdomain of q4and is entering his old and new password into a fake page for the benefit of a phisher.
If Cloudflare's traffic still gets through, you ask the ISP to pull the plug on Cloudflare's racks.
This is why Cloudflare will add a plaintext port to their own hardware someday, if they haven't already.
As if the "standard" certificates aren't enough of a problem, there are also over four million "universal" certificates that present bigger problems.
All you need for a free Cloudflare account is a domain and an email address.