You put the SpringBoot jar in the server, it will use the localhost mongoDB, don’t need to open the remote connection
On the other hand, if you open the remote connection, then hacker will finally get into your database, no matter you set password or not.
Without password, It supprises to me that a hacker immediately gives me notice to ask me to pay.
With password, I am sure that may hackers a white but password is still very weak.