The only way I can see Flexible being less secure than Off is... malicious folks looking for those flexible connections (http) between known cloudflare servers and your web server. Having SSL on the client side suggests you have important/private/financial data, so it might be worth their efforts to looks for insecure transfers between CF and your server.
Aside from that conjecture, I'd consider Flexible as dangerous, a liability, false sense of security, or simply lieing to your clients. They think their connection is secure, when it's really not.
It's odd to me that CF even offers Flexible.