I don’t feel like it is useful to critique the use of CloudFlare for this article specifically.
Once I start critiquing a person’s decision to use CloudFlare, I’m doing so without having any clue what made them decide to use it in the first place, or knowing what resources were available to them to use alternative approaches, and if that would have made sense for them, at the time they were mitigating the risk.
Instead there is a pretty explicit “reader” created by this incident, which is an incident responder with specific response work ahead (or behind) them, and this is written for them. At this point they know what the alternatives would have been and if it would have been practical in hindsight to pursue them instead of CloudFlare.
I wouldn’t see a separate article on “So, why are you using CloudFlare?” article as useless, just different than this.