This is simply not true. If TLS fails, the vehicle used for code delivery has been compromised and can be used to deliver compromised code. Everything written in the article is only true if you assume that the code is delivered with its integrity in tact, which on the web is a property that can only be guaranteed by TLS.
The article wasn't about delivering software updates. 1Password provides syncing of password vaults and online access, and this article explains how they do not rely solely on SSL/TLS to secure that data in-flight, and thus the Cloudflare issue could not have exposed such data in a usable way to third parties.
The takeaway from the Cloudflare story seems to be: don't rely on TLS encryption for critical data, since it may be compromised by third-party actions and may be completely compromised in the future.
Cloudflare's screw-up had no impact on third parties. What it did was cause havoc for Cloudflare's own _customers_ who had agreed Cloudflare could purposefully MITM them.
For it to function at all, Cloudflare undoes all the TLS encryption, signing up for Cloudflare means saying "Yeah, Cloudflare now has total control of my web site, I don't care, I'm sure these people I've never met are competent and will protect my site and its users". I guess that's OK if you're running a blog about your cat ? But millions of people decided it sounded pretty good for their business or private data. -shrug-
