They put up a blog post explaining their decision a little while ago.
I take some umbrage at Cloudflare's rationale. Their position regarding this site, as well as various other sites, seems to be "we're just a proxy." The issue with that defense is that by proxying for a site, the Cloudflare service hides and obfuscates whatever provider is actually hosting the content. This is a) by design, and b) necessary in order to make the DDoS protection effective. That doesn't make it any less problematic.
Cloudflare wants to pass the buck somewhere else in the "infrastructure stack," as they call it, and I don't necessarily disagree that what amounts to a glorified transit provider is the wrong place to be implementing blocks. But given the very nature of Cloudflare's service, how does one figure out where else to complain? When a site is using Cloudflare, all roads dead end in Cloudflare's network. The site's name servers are in the cloudflare.com domain. The site's A records are inside Cloudflare IP space. Cloudflare is the primary visible service provider in these scenarios, whether they host any content or not.
Case in point, I've watched this story play out with some interest over the past couple of days. I still have no idea where Daily Stormer's content was actually being hosted. It almost certainly would have violated the AUP/TOS of that hosting provider, and they probably would have terminated the site directly. But with Cloudflare in the way, no one knows who to complain to.
When your business model is being a black-box opaque front for all comers, don't be surprised when the world directs its anger at you.