Third Party javascript loaded in the exchange front-end !? (me nitpicking)

I see the domain is loading resources in control of Cloudflare.
It is loading

I’m just wondering if it would be a good idea to serve the front-end via Cloudflare. In my understanding Cloudflare can also be used to inject all sorts of other code to the browser. (using CF apps)

The reason for my concern is the story of StatCounter and In this case StatCounter got hacked and the javascriptcode modified to steal funds from users during withdrawal.

Using Cloudflare myself I consider it safe, but is is safe enough for Nash exchange ?