Does cloudflare know the decrypted content when using a https connection

There's a noticeable performance hit on each connect for the PKI overhead. The actual data transfer, using symmetric keys, has relatively little overhead. Exact ratios and costs depend on your particular hardware/software stack.

In general, the overhead for transferring lots of data is small; the overhead for doing lots of small connects (https for lots of small images, for example) is much larger. You can pick and choose parts of a page to protect, it doesn't have to be all or none.

Do your tests and benchmarks, I suspect you'll find that the overall performance hit is small and tolerable.

Ultimately for clients the best security is too have end to end SSL. It does look like you can get 'Full-SSL' on just their Pro account, and you can do it with self-signed certificates on your own personal server if you'd like.

For an attacker to intercept traffic while using their 'Flexible-SSL' (SSL only between clients and Cloudflare), that attacker would need to be in the middle of Cloudflare and your server. The easiest place for this too take place is more likely than not on your local network by using a MITM technique like arp poisoning or by sniffing the traffic right off the wire if they get access to a hub or switch with a monitor mode.

It's reasonable to expect that an attacker won't be able to MITM or sniff connections between your ISP and Cloudflare's unless your attacker is either one of the ISPs or a larger state-actor (such as the NSA).

At a minimum if you're going to use any SSL you mind as well throw a self-signed certificate and open up port 443 on your webserver so that the information isn't going across the wire plaintext. I don't know if cloudflare watches for changes to the certificate but it will at the very least prevent sniffing the traffic and forcing the attacker to use a noisier, more aggressive, and potentially easy to notice attack.

Edit: The only thing the Business and Enterprise levels of their service provide you in regards to SSL is the ability for you too upload your own custom SSL certificate that will be facing clients. For example if you wanted an extended validation certificate.