As an active maintainer of cert-manager (which is CNCF graduated), I can shed some light here. It's not just "give away trademarks for nothing"!

The CNCF pays for cert-manager's testing, web hosting and infrastructure costs and they paid for a professional security audit of the project. We get marketing help, exposure, talks, booths and other bits too. When we graduated last year, we got popcorn!

What I personally like too is that the CNCF provide a kind of "business continuity" aspect for open source, which is something I think about a lot. If the current maintainers got hit by an asteroid at an in-person event, there are CNCF people in our testing infra account and in GitHub who can log in and save the project. At the end of the day businesses have continuity plans for their projects, and for open-source projects of cert-manager's size it makes sense to do the same - and the CNCF neatly solves that problem for us.