Moodle.org uses CloudFlare to primarily provide CDN and DDoS mitigation services,
As security is only as strong as it's weakest link, I'd prefer not to disclose in detail the functions we use on the CloudFlare nor our hosting environments.
I will, however, note that CF does save us a considerable amount of bandwidth in normal HTTP requests alone (last month saving ~ 2.8TB).
Like in real life, in the world of technology, there's really no such thing as bullet-proof, just resistant.
There certainly are some pitfalls to using CF, such as dependence on their infrastructure being available, having no control during upstream outages, and Caching can cause a problem at times.
Caching issues in particular can generally be worked around by sending the right headers, however some times you just need to clear the cache manually - so with this I'd advise only setting standard level caching, with a lower browser cache, and rely on the headers being sent from your hosting environment.
Utilise tools like mod_remoteip to fix the incoming IP addresses on your local instance, restrict access to the CF IP's as required, ensure SSL is not offloaded at the CF end.
Hope that helps,