Since you're using cloudflare already you could utilize their cloudflare tunnel feature, that way you don't need DDNS or any open ports, and your home IP will be hidden.
It really depends on who your adversaries are that you want to keep private. The coffee shop owner + their ISP + your ISP, or cloudflare. Seeing as cloudflare MITMs an insane amount of the internet these days I'm way more suspicious of them than I am of the alternative. If you're really after privacy I'd recommend self hosting wireguard or something.
Right, but that's why I said it depends who your adversaries are. Really though, think why you care so much about privacy.
Is it because you're doing some shady shit? Probably should do everything in your power to avoid clear text communication every step of the way, including cloudflare.
Or is it (like me) because you are so sick of the corporate surveillance and monetization of your internet activity, and you want to fight back? If that's the case you should absolutely avoid cloudflare like the plague since they literally see all traffic for every website they sit in front of, which these days, anecdotally feels like >50% of the internet.