I think I finally sorted out what the issue was for some users. If anyone is still seeing it happen, please let me know.
It had to do with CloudFlare's security settings inadvertently set way too high on the domain I use for static content (dpstatic.com), meaning a user could get to digitalpoint.com, but when they tried to access content from dpstatic.com, the system was presenting them with a captcha to solve. Which of course doesn't work really well when the content being accessed is something embedded like CSS, JavaScript, images, etc. (which is all that domain is for). The net result being the user never sees the captcha to solve and they also don't get the content (like the CSS file).
That also explains why it was happening to some users, but not others. Basically just happening to users that CloudFlare thinks are possibly "bad actors" based on IP, HTTP headers or whatever else.