if one player is being a server, isn't he allowed to easily hack?
Many, many games have been quite successful with this model, though. Until just a few years ago, that was the only way that network-hosted games were written.
You still need a server for matching up the hosters with the players, but that's an easier thing to operate.
If you think your game will be popular, and there will be incentive to cheat, then you may need to change to run the servers on your own. The good news, though, is that, because players go to your matchmaking service to find servers, you can make that change later, without breaking anything that already exists.
So, I would recommend this sequence of implementation:
1) Build the game, with manual hosting, and the player having to enter a target address for the game server.
2) Make the game super fun!
3) Build a matchmaker, where hosted games register, and client players can find and join games.
4) Make this matchmaker, and the NAT punch-through, robust!
5) Now if the game is fun and robust, you may start seeing cheaters as a problem. Move servers into your own hosting, and advertise them in the matchmaking as "secure" or "premium" or whatever.
If you complete 1) and 2), you're better off than 99% of all other game projects on the planet :-)