Who, when wanting to write a secure piece of software, thinks: "I know! I'll use JavaScript!"? Security was always going to be an afterthought at best. There are legitimate reasons for writing things in JavaScript, and none of them apply to a database.
What does this have to do with Javascript?
MongoDB is written in Javascript.
In part. According to the Github repo, it's 75% C++, 18% JS.