From what I understand running high bandwidth things like video streaming through cloudflare tunnels will get your cloudflare account banned or charged (which is why they require payment info to setup tunnels).
Best to keep things like emby, jellyfin, and Plex to tailscale or just open the port.
Idk how emby works but with Plex I feel pretty safe having port open. Since any logins have to auth though Plex's servers.