As someone that almost got bitten by MongoDB's lax auth defaults, I was happy to read that DocumentDB has enabled access control out of the box and no default username/password.
It's important to be aware of security implications of leaving an unauthenticated server listening on the open internet (listening on 0.0.0.0 is not the default since some time now and if installing the rpm/deb package listening on 127.0.0.1 is the default option). Also never leave an internet facing server without a firewall.
As a SaaS it's not surprising DocumentDB got security configured, and it also won't be surprising when people lose data because they'll put '123456' as their password or commit their password to a public repository
Pretty much everything Azure does is over TLS and requires authentication.. some of the authentication for services is more convoluted than others.
Personally, I'm pretty happy with how easy it is to use the Azure Storage services (blob, tables, queues) as well as their Azure SQL offering. Far less arcane configuration options than you get with AWS's competing options. If only their compute nodes weren't so pricey.
Also, there's a query playground if you want to try it out quickly: https://www.documentdb.com/sql/demo