It really shouldn't, because the site owner is the one making the choice to use CF; CF is acting on their behalf (and the security-settings the site owner chooses at CF does influence whether and how often captchas are shown to users, i.e. "I'm under attack" mode). It would be different if the user's ISP did this.

This is another related issue, too, as CF is a data processor, so the controller (=site owner) needs to make users aware that their data is being shared with CloudFlare, as SSL terminates at CF, the content is analyzed and it's then (optionally re-encrypted) transmitted to the origin.