Re: I'm too SQuooL for school
No, when I played with MongoDB it by default did not have user/password authentication. I'm guessing the comment is directed at this behaviour. I think I remember that they changed this in the last year or two, my experience is from 2014.
There was another significant breach that relied on this. The attacker was able to get into the network and from there access the MongoDB without authentication. Relying on your database being in a DMZ as your sole line of defence really isn't enough.