That's optional and has been for awhile now I believe, you can CNAME from your own DNS provider. While that does rely on their DNS for that one record, it means you still have control to changeover if need be.
And, that doesn't change the point... the website protected by cloudflare still controls the effective dns for that site. The lookups are controlled, and CF is a mitm vector.
A client deployment of an app, that the client had behind cloudflare was making 80ms API requests take 8 seconds. It's not always great.
I'm not saying that there aren't alternatives, and that people have to use Cloudflare... but there really isn't much in the way of an alternative at even a similar level of support and price on the low/introduction side of things. The issue regarding recaptcha can be REALLY annoying, especially on a non-google browser.
