It would depend on what the hosting service has installed (prebuilt binaries, compiled from source) and what additional steps they’ve taken to ensure the service is production-ready. MongoDB publishes a basic security checklist in their online security manual and Andreas Nilsson wrote a pretty comprehensive post on security best practices, with links to ancillary resources.
If you’re concerned about the security of your hosted MongoDB instance, I would send a copy of the checklist to your hosting provider and demand that they confirm that they comply with the recommendations in the checklist. Better yet, it would be far more comforting if they would publish an audit that demonstrates they meet or go above and beyond the recommendations in the checklist.
It’s difficult to ever know if a service truly complies or simply gives lip service. In this case, you could try to confirm for yourself by using Shodan, WireShark, an http browser, port scanner, or some other tools to see if you can find and gain access to your database.
I hope this helps.