
You're misrepresenting what happens. Cloudflare is not using SNI: it is simply creating a certificate with multiple domains in it; contrary to popular belief, SSL certificates can be valid for multiple disjoint domains through a field called SAN (subject alternate names). So a single certificate served by a single IP on an SSL terminator can be valid for multiple domains, without having to use SNI. They probably have some custom agreement with their CA (GlobalSign) for the economic part and for the fully automatic provisioning based on their control of the nameserver (instead of the usual link sent to root@domain).

Another company doing the same is Google; they have a single certificate valid for all their properties (youtube, google.*, etc.), so that they can have a network in which SSL terminators are totally disjoint from the websites they proxy for.

As for the security, the certificates' private keys are fully handled by Cloudflare, and website owners don't get access to them. The security of a website sharing the same certificate as your website is immaterial for your security. You just need to worry that Cloudflare is not hacked, but that's part of the deal once you start using it anyway; it doesn't get specifically worse if you activate SSL.

I don't know if the TLS standard has some limit on the number of SANs, but there is a technical limit, because the certificate gets bigger and bigger (and thus connections slower and slower). Cloudflare probably has some per-certificate limit (e.g. 100 domains) after which they simply begin creating a new certificate on a new IP.

I'm instead curious about how they plan to make SSL free for everybody by the end of the year. Possibly through SNI, but I'm not sure; I would say the CA cost outweighs the IP cost, but I'm not sure how the numbers for those services work out at CloudFlare scale.



There's no technical limit on the number of SANs. However, as you speculated, there is a practical limit. Our tests show that after about 40 SANs you start to get a performance impact. So that limits the number of domains per cert to ~20 (since we include 2 SANs per domain, root.com & *.root.com).

Answer to the free question: SNI + IPv6. Hopefully one more reason for people to adopt IPv6. And limited IPv4 space is a much bigger factor for us than the CA cost.
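As an added illustration (my own code, not Cloudflare's), the following Python models the packing rule described in the reply above: two SANs per customer domain (root.com and *.root.com) and a practical cap of about 40 SANs per certificate, after which the next domains go on a new certificate. The cap and the two-entries-per-domain rule come from the thread; the hostname matching follows the usual RFC 6125 wildcard rules (a wildcard covers exactly one extra label and does not cover the bare root), which is an assumption about how a terminator would pick the certificate, not something the thread states.

```python
"""Model multi-domain (SAN) certificate packing as described in the thread."""
from typing import List, Optional

MAX_SANS_PER_CERT = 40  # practical limit quoted in the thread (~20 domains x 2 SANs)


def san_entries_for(domain: str) -> List[str]:
    """Two SAN entries per customer domain, as the thread describes: root and wildcard."""
    d = domain.lower().rstrip(".")
    return [d, f"*.{d}"]


def plan_certificates(domains, max_sans: int = MAX_SANS_PER_CERT) -> List[List[str]]:
    """Pack domains into certificates so that no certificate exceeds max_sans entries.
    A domain's two entries always stay on the same certificate."""
    certs, current = [], []
    for dom in domains:
        entries = san_entries_for(dom)
        if len(current) + len(entries) > max_sans:
            certs.append(current)
            current = []
        current.extend(entries)
    if current:
        certs.append(current)
    return certs


def san_matches(hostname: str, san: str) -> bool:
    """RFC 6125-style matching (assumed rule): a wildcard only stands for the
    leftmost label, never spans a dot, and *.root.com does not match root.com."""
    host = hostname.lower().rstrip(".")
    san = san.lower().rstrip(".")
    if not san.startswith("*."):
        return host == san
    suffix = san[1:]  # e.g. ".root.com"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]
    return bool(label) and "." not in label


def cert_covers(hostname: str, san_list) -> bool:
    """True if any SAN entry on the certificate is valid for this hostname."""
    return any(san_matches(hostname, s) for s in san_list)


def cert_for_hostname(hostname: str, certs) -> Optional[int]:
    """Index of the certificate a terminator must present for hostname, or None."""
    for i, sans in enumerate(certs):
        if cert_covers(hostname, sans):
            return i
    return None
```

With 25 constructed domains, `plan_certificates` yields one full certificate of 40 SANs and a second with the remaining 10, which is the "new certificate on a new IP" behaviour the thread expects without SNI.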


Will we still be able to pay a moderate fee (like today) and skip SNI?



