Is it possible for a name server provider to hijack MX records?

Is it possible for a name server provider to hijack MX records?

Let’s say:

1. We buy a domain from http://cheap-unsecure-domains.example.
2. Then in our control panel at cp.cheap-unsecure-domains.example we configure it to use the Cloudflare service.
3. We set some MX record at Cloudflare and point them to Google, for example.

---

• In theory it should be possible for cheap-unsecure-domains to hijack our MX records answering them by itself instead of referring to Cloudflare. Is this correct?
• If yes, is there any type of protection against this kind of attacks? Except using something like GPG.

I'm considering possible attacks on the receiving side.