Not all domains listed there are definitely affected. It might be good to know, if syncthing only uses Cloudflare DNS, or also Cloudflare SSL Proxy.
Even Cloudflare can’t tell how was affected. Their Head of Crypto explained, that the bug was triggered by only some of the Cloudflare customers, but the “memory dump” could contain data from any user from any Cloudflare customer.
There’s no private information that’s ever transmitted to syncthing.net, is there? Even if everything was leaked, there’s nothing there which is sensitive? No user sessions, auth, user accounts, etc (donations are made directly to vendors, I believe).
The forums are a different matter, but then the forums aren’t served from Cloudflare?
Nothing on Syncthing.net has been proxied by cloudflare for a good, long while.