Ok, call me a paranoia if you want. XAMPP is really nice, I have been using it on my dev server for quite a few years now and recently I have decided to host all my websites on my Mac mini, no more third party hosting service , yea!!
The thing bothers me the most about using XAMPP as a production server (or all Apache server for that matter) is, if someone try to hack in without proper credentials, it will display way too much information about the server. Why volunteer more information to the possible hacker? If you feel the same way, here are two ways to block the display of the information:
1. Go to /Applications/XAMPP /xamppfiles/error/include, there are there files, top.html, spacer.html and bottom.html. In the top.html, change the background-color of the body (background-color), link color a:link (color) and text (color) to #000 or whatever color you like,just make sure all three are the same color.
2. The other way is in bottom.html, command out every line that outputs information.
I use both of the above. Now I can sleep better using XAMPP as my production server.