PerlMonks  

Re: Does fatalsToBrowser give too much information to a cracker?

by cyberconte (Scribe)
on Apr 10, 2002 at 12:11 UTC ( [id://158003]=note )


in reply to Does fatalsToBrowser give too much information to a cracker?

That's kind of a double-edged sword.

To start, it's perfect for development, especially while you're the only person accessing the page. It's an invaluable tool to use for debugging, instead of going back and forth from logs to browser to code.

However, deployment is another issue. How sure are you of your code? I run an open source samba search engine (Phynd) and leave fatalsToBrowser on. Why? One, it helps in bug reporting. If a user gets an error, they can explain it in more detail, especially with the error they got - it cuts down on a lot of the tailchasing. Second, there's nothing really sensitive that could be displayed. Variable names and search queries, yes, but since one can download the source, how would that hurt? I'm not dealing with passwords or anything sensitive either.

If you *are* dealing with sensitive information or are building a closed source solution, then fatalsToBrowser may not be the best alternative.
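A middle ground between the two cases in this reply, as an added example that is not part of the original post: CGI::Carp's `set_message` handler writes the full error to the server log under an incident ID and shows the visitor only that ID, so bug reports stay traceable without exposing details. The `APP_DEV_MODE` variable, the incident-ID format and the sample failure are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser set_message);

# Assumption: APP_DEV_MODE is set only on a development host.
my $DEV_MODE = $ENV{APP_DEV_MODE} ? 1 : 0;

# Escape text before echoing it into HTML; error strings can carry
# request data such as the search query.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

# CGI::Carp calls this with the fatal message after it has already
# printed the Content-type header.
sub report_error {
    my ($msg) = @_;

    # Correlation ID only, not a secret: timestamp plus a random suffix.
    my $id = sprintf '%08x-%04x', time, int(rand(0x10000));

    # Full detail goes to the server error log, keyed by the incident ID.
    print STDERR "[incident $id] $msg\n";

    print "<h1>Software error</h1>\n";
    if ($DEV_MODE) {
        # Development: show the error in the browser, escaped.
        print '<pre>', html_escape($msg), "</pre>\n";
    }
    else {
        # Deployment: show only the ID the user can quote in a report.
        print "<p>Something went wrong. Please quote incident ",
              "<code>$id</code> in your bug report.</p>\n";
    }
}

set_message(\&report_error);

# Constructed failure to exercise the handler (path is a placeholder).
die "cannot open index /path/to/index.db: No such file or directory\n";
```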