The irony of a company that sells DDoS protection making the browsing experience worse for legitimate users. The real issue is that Cloudflare's bot detection runs JavaScript that introspects the page state — which means any site using Cloudflare is implicitly giving Cloudflare access to read the DOM of the protected application. That's a much bigger concern than the typing delay.