It would be free, but not necessarily easy, as it would still entail configuring your web server to use SSL, and that might not even be an option if you're using shared hosting.
(Aside: self-signed certs don't protect the connection from active attacks unless CloudFlare pins the cert. I'm mainly concerned with passive eavesdropping though.)
That's what we're going to do: issue certs that our customers can use on their origins, that will be trusted by our network, and that will be pinned to a particular site. That will allow end-to-end cryptographic connections. There are other groups working on making installing and setting up SSL on origin servers easier; that's not something we're likely to tackle, but we agree it's important.