It's dangerous if you start running against production sites, or sites that aren't fully owned by you. If you broke into Microsoft.com, for example, expect a lawsuit. However, if you pair two machines together and run Backtrack/Kali on one and something along the lines of Damn Vulnerable Linux on the other and just attacked your own local network, it's fun, safe, and informative.
I would actually encourage developers to learn about pen testing. If you know how people are going to misuse your application, you know what to watch out for when you're designing it. And trying to break your own app gives you some new insight into what you're doing right and what you're doing wrong. You can feel a sense of pride and accomplishment for every attack that fails to break something.
Long answer: Sometimes. It's also one of the most frustrating things you can engage in. Up until the point where you have a 'eureka' moment, you feel like every step you've taken was through a tar pit. Pentesting is definitely full of pain; it's easy to imagine it's nothing but an adrenaline rush, since that's what people are inclined to discuss--but that's not the case at all.
Edit to answer the other half of the statement:
Pentesting is not dangerous. Malicious network activity (i.e. network activity which the target does not desire) is dangerous. There are lots of great resources (OffSec offers fantastic training, for example) on the topic, and there are gobs of free resources as well (CoreLan, interactive stuff like SmashTheStack's CTFs, DamnVulnerable Linux, etc.) for learning about the topic--tools, methods and such.
Parts of it can be fun, but much of the time is spent writing tedious (and repetitive) reports, documenting each step you took for each compromise. Dealing with unrealistically limited scopes. Often clients don't actually care about increasing their security posture -- it's usually about compliance with XYZ (PCI, etc).
(Good) pentesters don't just run hog wild on a network compromising things left and right with Chemical Brothers blaring through their headphones. It's pretty methodical, and it's all documented and screenshoted for the client's benefit. You want your clients, both the technical and executive people in the org, to understand what you accomplished and how they can mitigate.
I would actually encourage developers to learn about pen testing. If you know how people are going to misuse your application, you know what to watch out for when you're designing it. And trying to break your own app gives you some new insight into what you're doing right and what you're doing wrong. You can feel a sense of pride and accomplishment for every attack that fails to break something.