Turning off debug mode in ASP.NET is one of the things that's mentioned even in the most beginner tutorials on ASP.NET security. Unfortunately, in website projects debug mode is the only way to obtain line numbers with exception stacktraces: you can't just enable PDBs while leaving the website in release mode.
Line numbers in stacktraces are exceptionally useful in figuring out the cause of those once-in-a-blue-moon exceptions that only occur in production.
Our server uses custom error handlers, and has tracing disabled. Are there any other ways in which the debug mode can be harmful for security?
Releasing PDBs gives the ability to easily reverse engineer the source code of your programs. I'd imagine that for your setup you'd have the compiled code running on a server you own and protect. Additionally, stack trace information would be protected by the security of your database server.
The security issue comes from a similar reasoning for hashing passwords. If an attacker can get into your database or server than they'll have an easier time stealing sensitive information in your source code.
It's all a matter of your risk appetite. If this is just some homepage without sensitive code then you may wish to accept the risk of information spillage and code theft in lieu of faster debug/development time. However if the reverse is true I'd recommend sticking to release builds in production and using a debug server outside of your production network for tracking down issues.
Also, using a logging system such as nlog may also be a good solution to detect issues without having to release PDBs. You'll need to write enough logging code to cover all your bases but the effort can be worth it if releasing PDBs is too risky.