I agree that while Cloudflare's announcement is great, it does subvert the visual indicator of the green browser padlock.<p>Yes, its possible for any implementation of SSL to use the same method Cloudflare is using, and not provide end to end encryption. However by doubling the number of encrypted sites in one day, Cloudflare has now made it much more likely that you run into a partially encrypted site.<p>I would like to see some sort of way for interested parties to see if their connection was via "Flexible SSL" or not.
HTTP header won't work, since the client must have sent the full request before the server can respond with a HTTP header, it is already too late to protect the data inside the client's request. If anything it should perhaps be some kind of SSL handshake flag.<p>Also, not a single site will actually set the flag that indicates their SSL implementation sucks.