The SIM authenticates you to the mobile network which is free to tamper with your traffic. Considering the "security" of the equipment in there, as well as the incentives of the people working there and the general level of skill and development practices in there, I wouldn't trust it at all.
The only way this would be secure is if the SIM/eSIM is able to embed an actual client certificate which the mobile device can then use to initiate a VPN connection to Cloudflare, but this would also require the eSIM to not be able to be tampered with by the issuing carrier, otherwise they could potentially push an update to extract the keys or have it sign malicious requests in the background.
