On documentation section 5.1
Security Considerations
The following collection of configuration options are useful for limiting access to a mongod instance. Consider the
following:
bind_ip = 127.0.0.1,10.8.0.10,192.168.4.24
auth = true
Description after that lists three parameters: “bindIp” , “enabled” and “authorization”
So that enabled=false is missing from example