In which case, it can be easily MITM'd by an attacker sitting between CloudFlare and your server, which makes it only slightly better than plain HTTP. It would have been great if CloudFlare let the user to upload and pin a specific self-signed certificate that it could then validate to prevent such attacks.

I think there was some rumors that they are - or are planing - to offer certificates signed by a private Cloudflare CA exactly for the purpose of encrypting the traffic to the backend.