No, *everything* is affected. When using CloudFlare, TLS doesn’t protect your data because CloudFlare is (by design!) intercepting the requests and re-encrypting them, which is precisely the thing TLS was supposed to prevent.

I’ve written more about this problem at http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem/, but the summary is: consider any TLS going through CloudFlare to be ‘fake’ TLS. It doesn’t provide the security you think it does.