That doesn't really help if the same Huawei bot keeps re-requesting a bunch of 600 KiB JPEG from 120 rotating IP addresses with random crap at the end of the URL, like what happened to one of my servers. Efficiency doesn't really matter if you're getting hammered by bots.
I ended up aggressively IP blocking all of China, Singapore, and a few other East-Asian countries once I noticed that blocking server IP addresses just made the botnet switch to residential IPs. I didn't switch over to Cloudflare, but now a couple billion people can't read my website, which is arguably worse (but cheaper).
Also, a handful of people seeing an annoying checkbox is hardly a reason to re-architect an entire website. I am as opposed to Cloudflare taking over the internet as any sane person, but the usability story isn't really an argument for that kind of time investment.
The alternative to Cloudflare isn't some magical system that works for everyone but bots, it's hard-blocking IP ranges on the network level for anyone who doesn't fit the "normal" user profile.
Try using anubis. It uses a PoW challenge to make it not make economic sense to scrape websites.
Anubis is trivially bypassed by anyone that cares to bypass it. All it does is inconvenience real users with niche/older/extended browsers or those who take basic precautions against tracking and malware.