(Their "data centers" are typically a rack or two of equipment that Cloud Flare ships to a real data center, along with installation instructions.) We asked Cloud Flare to confirm that sniffing is possible at these so-called "data centers," but they didn't respond.
The Cloud Flare certificates we found all had the common name in the same style as the "ssl2796.cloudflare.com" shown in that Netcraft report.
The "ssl2796" in the name is a Cloud Flare tracking ID in the 136,535 root domains we found that use "standard" (not "universal") Cloud Flare certificates.
The Cloud Flare certificates below encrypt the traffic only between the browser and Cloud Flare.
The traffic between the original web server and Cloud Flare remains unencrypted unless the web server owner has his own certificate installed on his machine.