
Will users be able to download their private keys for the provisioned cert?

If not, would CloudFlare ever consider provisioning free SSL certs for non-CloudFlare customers (i.e. let us upload our crt file and you have your CAs sign it)? We desperately need an alternative to StartCom, since many devs don't trust them[1]. I've suggested AOL in another thread[2], but so far I can't find anyone who works there to talk to.

EDIT: To be clear, I'm very happy for this release and thanks to CloudFlare for stepping up.

[1] - https://bugzilla.mozilla.org/show_bug.cgi?id=1041087#c13

[2] - https://news.ycombinator.com/item?id=8374685




A private key should never be given to a third party (preferably not even a trusted one), and downloading the private key generated by CloudFlare would also negate the "private" feature. Furthermore, you don't upload a crt (certificate) file for a CA to sign, because that is the result of a CA's signature. You upload a certificate signing request (csr) after having generated a private key on the same machine where the key/certificate will be used; this way you are sure you have never lost control over the private key.

With respect to StartCom I don't really see the problem or why anyone would step up to offer something better for free. Certificates are a money making business and with StartCom you get the security you pay for ...
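
The flow described in the reply above (generate the key on the machine that will use it, send only the CSR to the CA), as an added example that is not part of the thread. The file names `server.key` and `server.csr`, the RSA-2048 choice and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the private key is created locally and never leaves the
# machine; the CSR is the only file that would be sent to a CA.

# make_csr DIR COMMON_NAME -> writes DIR/server.key and DIR/server.csr
make_csr() {
    dir=$1; cn=$2
    # umask 077 in a subshell: the key file is created owner-readable only.
    ( umask 077
      openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    # The CSR carries the subject and the public key, signed with the
    # private key to prove possession of it.
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" || return 1
}

# The public key in the CSR must be the one derived from the local key.
csr_matches_key() {
    [ "$(openssl req -in "$1/server.csr" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/server.key" -pubout)" ]
}

# The file handed to the CA must contain no private key material.
csr_has_no_private_key() {
    ! grep -q "PRIVATE KEY" "$1/server.csr"
}

# Subject the CA will see in the request.
csr_subject() {
    openssl req -in "$1/server.csr" -noout -subject
}

# Permission bits of the key file, e.g. -rw-------
key_mode() {
    ls -l "$1/server.key" | cut -c1-10
}
```

Typical use is `make_csr /etc/ssl/private www.example.test` (constructed name), followed by the checks before `server.csr` is submitted; the signed certificate that comes back is what gets installed next to the key.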


I believe the CEO said in their last post here that certificate pinning and custom certificates (even EV ones) would be supported by their new plans. (Can't remember if you have to pay $$$, though)

I imagine it will take a short amount of time after this change to realize that.



