Too much information in stack traces?

Anthony Green green@redhat.com
Wed Oct 2 10:37:00 GMT 2002


While running a fully compiled Tomcat with JSP is extremely cool -
there's one thing that's been bugging me.  Any time there's an exception
in the servlet or JSP, Tomcat displays a page with a nice HTML version
of the stack trace.  It's fun to see the gcj stack traces there -- but
I'm wondering if we're exposing too much information.

The stack traces include PC addresses.  It seems unlikely that these
values are of any interest to people developing or using web
applications.  I certainly don't know much about network security, but I
suspect that it might be a good idea not to expose this information.

What do people think about a system property for enabling and disabling
certain kinds of information from showing up in the exception stack
traces?

AG
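
The switch proposed in the message above could look like the following sketch, which is an added example and not code from the original post, gcj or Tomcat. The property name `example.trace.showAddresses`, the class and method names, and the frame layout `at 0x<hex>: <method> (<location>)` are assumptions made for illustration.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.regex.Pattern;

public class TraceRedactor {
    // Hypothetical property name for this example; not a gcj or Tomcat setting.
    static final String SHOW_ADDRESSES = "example.trace.showAddresses";

    // Assumed frame layout: "   at 0x<hex>: <method> (<location>)".
    private static final Pattern FRAME_ADDRESS =
        Pattern.compile("(?m)^([ \\t]*at )0x[0-9a-fA-F]+:[ \\t]*");

    /** Strips PC addresses from frame lines unless the property is "true". */
    static String redact(String trace) {
        if (Boolean.getBoolean(SHOW_ADDRESSES)) {
            return trace; // explicitly enabled, e.g. on a developer machine
        }
        return FRAME_ADDRESS.matcher(trace).replaceAll("$1");
    }

    /** Writes the full trace to the server log and returns the redacted text for the error page. */
    static String forErrorPage(Throwable t) {
        StringWriter buf = new StringWriter();
        t.printStackTrace(new PrintWriter(buf, true));
        String full = buf.toString();
        System.err.print(full); // operators keep the unredacted trace
        return redact(full);
    }

    public static void main(String[] args) {
        // Constructed sample trace, not output captured from a real run.
        String sample =
            "java.lang.NullPointerException\n"
            + "   at 0x4026f37e: java.lang.Throwable.Throwable() (/usr/lib/libgcj.so.3)\n"
            + "   at 0x0804a1c2: HelloServlet.doGet() (HelloServlet.java:42)\n";
        System.out.print(redact(sample));
    }
}
```

Addresses are hidden by default and shown only when the property is set to `true`, so a deployment that never sets it does not send them to clients.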





