Of course, you can use it for production, but it is *recommend* for development.
It's pretty easy to use it for production.
You only have to keep in mind, that everybody, that uses Xampp, "knows" about your directory structure and the tools, you have installed. For example the Xampp Panel (
http://localhost/xampp), the PhpMyAdmin Tool (
http://localhost/phpmyadmin) and so on.
If you dont want other people using this Admin Tools, you have to hide or protect these. There are many ways to accomplish this:
a) use virtual hosts and define different DocumentRoot than "htdocs" which is default for "localhost"
b) or, hide the folders by simply renaming them (example: rename xampp-folder to xxaa - no one can "guess" that). But this a "weak" protection (even if it works pretty well).
c) or, protect the folders via .htaccess and Passwords.
d) or simply remove all of them!
For me, the best solution is using virtual hosts. So you can keep your original Xampp environment in your "localhost", but all requests coming from outside are routed to a different DocumentRoot - the "production" DocumentRoot.
Regards
Scory
P.S.: And, last not least, dont forget, that Xampp often uses VERY NEW releases of the software which is NOT YET tested in many production environments. That may be an issue also.