It's not wrong, given that it's a reply to this statement: "... without having to setup TLS on your origin server." Strict mode is optional. It's certainly possible (and highly recommended!) to use transport encryption in both directions with CloudFlare, but that's not what jephir described here.
You don't need to buy certificates. There are at least four CAs offering free certificates, with at least two (Let's Encrypt and StartSSL) offering API-based issuance. Getting a publicly-trusted certificate from Let's Encrypt is roughly the same amount of work as finding out how to get the OpenSSL CLI to issue a self-signed certificate, or using CloudFlare's tool to get one from their CA.
