Can someone explain how leaking a traceback is a security flaw, considering it's a lot less information than just releasing the source code (which we do all the time and don't consider it a security flaw)?
There's nothing inherently insecure about it; it's just more information that a potential attacker has to use against your system. Obviously, if someone breaks into your system from the information in a traceback, it's likely because of a deeper security hole in your system, so hiding tracebacks is just security through obscurity, but given the choice of publicly showing this information vs. not, it's better not to.
WRT open source: in open source software, you theoretically have many benign eyes vetting your code for security issues, whereas with closed source applications, the only people who are looking for security holes are you and attackers. :)
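An added example, not part of the thread: a minimal WSGI middleware that keeps the full traceback in the server log and returns only a generic 500 with a reference id to the client. The names `HideTracebacks`, `leaky_app` and `call`, the logger name and the connection string are all hypothetical.

```python
import logging
import sys
import uuid

log = logging.getLogger("app.errors")  # hypothetical logger name


class HideTracebacks:
    """Log the traceback server-side; send the client a generic 500 and a ref id."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        try:
            result = self.app(environ, start_response)
            try:
                # Buffer the body so errors raised while iterating are caught too.
                return list(result)
            finally:
                if hasattr(result, "close"):
                    result.close()
        except Exception:
            ref = uuid.uuid4().hex  # opaque id that ties the response to the log entry
            log.error("unhandled exception ref=%s path=%s", ref,
                      environ.get("PATH_INFO", ""), exc_info=True)
            body = ("Internal Server Error (ref %s)\n" % ref).encode("ascii")
            headers = [("Content-Type", "text/plain"),
                       ("Content-Length", str(len(body)))]
            # exc_info lets the server replace headers that were set but not yet sent.
            start_response("500 Internal Server Error", headers, sys.exc_info())
            return [body]


def leaky_app(environ, start_response):
    # Constructed failure: the exception text carries an internal hostname.
    raise RuntimeError("cannot connect to postgres://app@db.internal.example/prod")


def call(app, path="/"):
    """Drive a WSGI app once; return (status, body) as the client would see them."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status

    body = b"".join(app({"PATH_INFO": path}, start_response))
    return seen["status"], body
```

The reference id lets support staff find the matching log entry without the response revealing file paths, library versions or exception text.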