http://msdn2.microsoft.com/en-us/library/94c55d08(VS.80).aspx

Security Note
When tracing is enabled for a page, trace information is displayed in any browser requests that page. Tracing displays sensitive information, such as the values of server variables, and can therefore represent a security threat. Be sure to disable page tracing before porting your application to a production server. You can do this by setting the Trace attribute to false or by removing it. You can also configure tracing in the Web.config file by setting the enabled, localOnly, and pageOutput attributes of the trace Element (ASP.NET Settings Schema). The Trace attribute in the @ Page directive takes precedence over attributes set in the trace element in the Web.config file. Therefore, even if you disable tracing in the Web.config file by setting the enabled attribute to false, the page might still show tracing information if the Trace attribute in its @ Page directive is set to true.