While any indictments of OP as being not only a faggot but also a shill are undoubtedly correct, the questions being raised are still open to those curious, as Ninja >>295088
himself has mentioned.
Meaning that if you wanted to find security flaws in the code here, nothing is really stopping you, and an accusation that the site is a honey pot just because it uses JS doesn't quite mean that's the case on its own, not that OP here is about to go through all that with a fine-toothed comb. JS is known to have all kinds of security flaws that might be hard to catch just due to the nature of the language though, and it might be enough to raise the question, speaking in terms of adversarial thinking. The knowledge that client side JS can be analyzed means that the question of the vulnerability of cross-site scripting by just about anyone could additionally be raised (although against which there are defenses available by the way, none of these vulnerabilities OP has raised a concern about), and generally JS is a technology that many in the security community advise to avoid altogether, but again to accuse a website of being a honeypot just because it uses JS doesn't mean you can say as such beyond question, and mods and admins have thus far been anything but uncandid about this type of thing.
Cloudflare I'm less familiar with, however a glance at InfoGalactic doesn't give any impression that they're actively working with those that might be interested in setting up a honeypot. They stopped working with 8chan after the El Paso shooting last year but their encyclopedia entry doesn't give any impression that they're helping to identify anyone of interest to three-letters. They have taken more heat over the years for keeping an (albeit weakened) policy of content neutrality than shutting down sites, and even after terminating services with these organizations it does not appear that they have given away any information about them or their users. They also release a transparency report about what LEAs have contacted them for semi-annually, and it looks like there are no claims that they're leaving anything out on those yet. This anon >>292977 →
has mentioned that>Cloudfare is the owner of the expressway, we are just drivers using its infrastructure,
and combined with the above knowledge that seems to suggest that they aren't farming data, but from a "trust, but verify" perspective, the founders had all worked on something literally called "Project Honey Pot" before starting Cloudflare, which means they would know how to collect data on someone without them knowing about it, however that would be more of a concern I would have with Cloudflare and not /mlpol/, and again to my knowledge Cloudflare hasn't shown any signs so far that point towards it definitively being a honeypot.
After typing all this out I've seen that >>295079
has the gist of what I was trying to say about this one.
TL;DR: Neither of the accusations leveled seem to be enough to confirm that /mlpol/ is a honeypot, however with a qualification that it might be enough to raise a question about its security practices from anons with limited technological knowledge taking a "trust, but verify" perspective.
Maybe a thread could be created on /qa/ for those of us /mlpol/ers that are curious about the technological side of things for whenever this question is brought up, as it likely will be time and time again. However, coming from the intuitive sense of the place and the conversations that have happened here, including leaving this very thread up for target practice, /mlpol/ is one of the places that I'd be far less worried about than say, 4chan.