This is true! But you have a little more control over who you might choose to trust. For example - you might trust AWS not to snoop in your VM more than you might trust CF to not collect valuable usage data about you when they decrypt your traffic.
Agreed - there’s a big difference between “I actively asked CF to terminate my TLS” and “I suspect my provider is scraping unencrypted data out of my running VM”
I doubt there is less monitoring at a VPS than CF. Many VPS companies are less known and smaller, and may not have professional audit and access processes in place.
