First of all, you need to stop thinking that the two are related, they aren't. mod_security is there to protect the entire server, not just your XF installation. In a shared environment, hosting companies aren't going to relax the rules for one customer when it's going to affect everyone else on the server. For dedicated servers and VPS installations, it's a bit easier as it's just going to affect one customer. In this case, the customer should be able to go in and fine tune where necessary.
One of the great things about mod_security is the ability to fine tune. Unfortunately, this takes a bit of knowledge and time once a new mod_security installation is put into place. On a new server, it takes me around 2 months to get things fine tuned to where I'm satisfied that mod_security will do its job and won't interfere with the site. You can whitelist specific rules so your server doesn't trigger them. You can ask on the mod_security list for assistance in fine tuning the rule itself.
However, disabling mod_security in its entirety is just plain silly. If you don't have the knowledge to work with it, get someone who does.