https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/

the only way for cloudflare to have this data is if it is inside the ssl channel, analyzing traffic to their customers who are logging in.

ssssoooooooo i guess this makes the cloudflare logs a massive target for nation states now?