If Hot Wallet developers already have access to users' databases, they certainly know what each person's private key is.
First of all, why do you assume hot wallet send private key to the developer or implement user/registration system?
So, what is the security of a Hot Wallet?
In short, security of the device you use and security feature implemented by that hot wallet software itself.