Flask

Debug mode enabled in production allows arbitrary code execution

critical
security
Updated Mar 19, 2026 (via Exa)
How to detect:

Flask running with app.debug=True or FLASK_DEBUG=1 in production exposes the interactive debugger. Attackers who can reach the debug pages can execute arbitrary Python code on the server.

Recommended action:

Never set app.debug=True in production. Remove FLASK_DEBUG=1 from production environment variables. Use proper logging and error tracking services instead of debug mode.
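A pre-deployment check for the two settings named above, added here as an example and not taken from Flask or from this advisory's source. It also flags app.run(debug=True), which goes beyond the two settings listed; the function names and sample inputs are constructed for illustration.

```python
import ast

# Values Flask treats as "debug off" for FLASK_DEBUG; any other value enables it.
FALSY = {"", "0", "false", "no"}

# Constructed sample inputs (not taken from any real project).
SAMPLE_APP = '''\
from flask import Flask
app = Flask(__name__)
app.debug = True

if __name__ == "__main__":
    app.run(debug=True)
'''
SAMPLE_ENV = "FLASK_APP=app.py\nFLASK_DEBUG=1\n"

def _is_true(node):
    return isinstance(node, ast.Constant) and node.value is True

def scan_source(code, filename="<constructed>"):
    """Return sorted (line, reason) findings for debug mode set in Python source."""
    findings = []
    for node in ast.walk(ast.parse(code, filename)):
        if isinstance(node, ast.Assign) and _is_true(node.value):
            # <anything>.debug = True
            for target in node.targets:
                if isinstance(target, ast.Attribute) and target.attr == "debug":
                    findings.append((node.lineno, "debug attribute set to True"))
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            # <anything>.run(..., debug=True)
            if node.func.attr == "run":
                for kw in node.keywords:
                    if kw.arg == "debug" and _is_true(kw.value):
                        findings.append((node.lineno, "run() called with debug=True"))
    return sorted(findings)

def scan_env(text):
    """Return line numbers of FLASK_DEBUG assignments that turn debug mode on."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip().removeprefix("export ")
        key, sep, value = line.partition("=")
        if sep and key.strip() == "FLASK_DEBUG":
            if value.strip().strip("'\"").lower() not in FALSY:
                hits.append(lineno)
    return hits

if __name__ == "__main__":
    print(scan_source(SAMPLE_APP), scan_env(SAMPLE_ENV))
```

Run it in CI against the application source and the production environment file, and fail the build on any finding.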