
This is a more subtle point about how Cloudflare's Flexible SSL works. The linked post describes a situation where the end user sees the SSL padlock, but the traffic is still getting MITM'ed between Cloudflare and origin because it is not over HTTPS.



There's no reason to use Flexible SSL. Cloudflare will support any certificate on the origin server (e.g. Let's Encrypt if you don't want to pay someone), or will give you a free "Origin CA" certificate.


Yes, that's fine. The problem is offering Flexible SSL in the first place. It is not the end user's job to verify if the traffic between Cloudflare and origin is encrypted.


"There's no reason to use Flexible SSL."

Then why do you offer it?


Because there are instances where the customer cannot put an SSL certificate on their server. So, I probably should have said "almost no reason".



