You can disable that; both at a network level, and in the browser itself. You can also choose a different DoH provider if you don't want to use cloudflare.

Yes, it should be disabled by default but it not the end of the world. I would hazard a guess that when Chrome implements something similar that it won't be so easy to disable.

Why couldn't pi-hole answer over http as well? You would also be able to use it from outside your home, without leaking your DNS traffic, or risking interception.