Cloudflare itself is a completely legitimate product, anyone can set it up without any human intervention from Cloudflare's part, it's only reasonable to expect that dodgy websites may use it however I'd like to think that if a site is clearly illegal/violates Cloudflare's ToS, they will shut them down. I use Cloudflare for a bunch of my own stuff, even this very website sits behind Cloudflare. The only legitimate criticism I can see of Cloudflare is that they are now so commonly used, that if they experience outages (which has happened in the past) it can cause loads of different websites to go offline however ultimately it's down to a website owner to weigh up the risk of using Cloudflare vs going without it.
Essentially, all cloudflare does is sit as a reverse proxy in front of a website, they also usually manage the DNS for the website. When a user reaches the website they instead hit cloudflare's servers which then proxy the request through to the website's own servers. The idea behind this is that they can provide caching services for various elements on their website and serve them from their global CDN which both improves performance for end users as well as reducing load on a website's own servers. It also means that if the webserver goes down, Cloudflare can either serve a cached copy of the site or a friendly error message instead of the connection just failing. Additionally, since end users are talking to Cloudflare instead of a website's servers directly, the website will be protected by Cloudflare's DDoS protection systems which can be prohibitively expensive for a small website to implement on their own.