Your Magento developer should be skilled enough to have installed Magento 2 on your server in such a manner that all known vulnerabilities are eliminated.
Note
Magento, Inc. is generally good at attacking any discovered vulnerabilities in their platform by issuing patches and guidance to the user community. No server is 100% secure as some vulnerabilities may not have yet been discovered. However, you and your developer can make sure you address all the known possibilities.
However, any breach of security ultimately rests with you, the store owner. You should ask your developer for confirmation of the following:
File permissions: Are the files on your server properly configured to prevent outside access? (Hackers love to find unprotected files.)
Database access: Is any outside access to your database limited by the IP number?
Developer access: If your developer is employing other developers, what controls are put in place to control access? Is this access eliminated once the...