I think for most people it becomes a trade off decision. Do you want to expose ports and potentially open your home to attacks but keep all traffic privately encrypted (if using SSL) and yours? Or do I keep my home unexposed but delegate trust and traffic flow to Cloudflare essentially and potentially allowing them to see my traffic?
For me it depends on the service. Nothing too sensitive or personal or already publicly available? Then Cloudflare tunnel coupled with Nginx Proxy Manager.
Highly sensitive and personal? Then do I really need to expose it to the internet? Most of the time it’s no or a VPN can be used to access those resources.
Something in between? I’d consider forwarding ports and use Nginx Proxy Manager for SSL.
For some people, exposing or forwarding ports isn’t even an option due to ISPs CGNATs, not allowed, etc. In those cases Cloudflare shines and it’s the most feasible solution.