I don't have any actual statistics to back it up, but I've hosted a variety of things in Hetzner's cloud (and dedicated) options, and... it depends.
If you're hosting a website (or a database backing one) there is going to be a natural kind of ebb and flow as traffic comes in, gets processed, and answered. Since you're not utilizing a large amount of CPU consistently this actually fits really well into the shared core model - that's exactly why they can offer it. Even if a subset of requests take twice as long to fulfill this is usually not even noticeable to the user.
On the other hand if you're routinely running a large ETL process, resizing video or images, or any of dozens of other things I'm sure you can think of that are using a lot of CPU for prolonged periods you're going to notice it.
Specifically I have two situations I've run into: My TeamCity build agent will be unpredictable for longer builds - one might finish in 5 minutes, the next might take 10 - and when I had a Windows Server running as an Amazon Workspace alternative (RDP in, run Visual Studio, etc.) things like building and debugging an app were noticeably slower than if I did it locally or on my dedicated server (even with similar specs).
So if CPU usage isn't normally your bottleneck or you're scaling horizontally and CPU performance isn't as important it's a great option that will save you quite a bit. If your workload is very CPU sensitive you probably shouldn't be using a VM anyway and should look into a more dedicated infrastructure, but obviously there is also a middle ground to be had...
Depending on your data I'd also wonder about the security restrictions between tenants. It's a thing I consider on AWS as well depending on what I'm doing.
There are always risks with shared harware, known and unknown veunerabilities in the hypervisor or hardware. All the recent intel stuff, row hammer, etc.
The interesting question comes when people start implementing hardware hypervisors and what is the risk profile there.
Security, at the end of the day, isn't about what is secure and what isn't. If you want to be secure, don't get on the internet. Everything else is a exercise in risk tradeoffs and mitigation.
If I was doing anything with PII, cc#'s or any other data I never want to touch I wouldn't use shared hardware without hard thought on it.
Shared hardware from the big cloud players adds attack vectors, but it also comes with some of the best security minds trying to keep the entire platform secure.
For example, they'll typically be on secret mailing lists and aware of security vulnerabilities weeks before you know about them.
Don't think they guarantee anything but I'm running a few servers close to max utilization most of the time and performance appears relatively stable. But that will obviously depend on the machine you're on.
Most of the smaller cloud providers seem to run a similar model, I guess it's worth it unless you need predictability.
With these shared core machines, I wonder what the performance reliability guarantees available and how it compares to the dedicated core machines.