When DEBUG mode is not defined and all configuration settings are set for a production environment, a simple SQL error can still expose sensitive data to the public (a guest or bots), such as the database user and the database name, similar to this:
SQL ERROR [ mysqli ]
Access denied for user 'dev_user1'@'localhost' to database 'dev_phpbb_db' [1044]
How to reproduce:
Edit /config.php and change the $dbuser to anything other than the correct one. Then delete all files from the /cache directory except the .htaccess file. Refresh the phpBB page while you are not logged in (same happens while logged in). See the error.
My fix:
Edited /includes/functions.php
In function msg_handler(), at line 4029, the following code exists:
echo ' <div>' . $msg_text . '</div>';
Enclose this code in an IF statement as follows:
if (defined('DEBUG'))
{
    echo ' <div>' . $msg_text . '</div>';
}
To make the error look normal to the public while hiding any detail about it, the statement above can instead be written like this:
if (defined('DEBUG'))
{
    echo ' <div>' . $msg_text . '</div>';
}
else
{
    echo ' <div>An error occurred. Please contact an administrator if this problem persists.</div>';
}
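The following is an added example and not code from the report or from phpBB itself. It wraps the same DEBUG check in a small standalone function so the behaviour can be tried outside the forum code, and it goes one step beyond the fix above: when DEBUG is not defined, the full message is written to the PHP error log with error_log() so administrators still see the real cause, while the browser only receives the generic notice. The function name display_error_message, the $debug parameter and the sample $msg_text are assumptions made for this illustration.

```php
<?php
// Added example (not phpBB's code). Mirrors the DEBUG-gated output from the
// report and additionally keeps the detail in the server-side error log.

/**
 * Returns the HTML fragment to send to the browser for an error message.
 * With $debug true, the full text is returned (development). With $debug
 * false, the full text is logged server-side and a generic notice is
 * returned instead, so credentials and database names never reach the client.
 */
function display_error_message(string $msg_text, bool $debug): string
{
    if ($debug)
    {
        return ' <div>' . $msg_text . '</div>';
    }

    // Hypothetical addition: keep the detail where only an administrator can
    // read it (the web server's error log) instead of dropping it entirely.
    error_log('[error hidden from client] ' . str_replace("\n", ' ', $msg_text));

    return ' <div>An error occurred. Please contact an administrator if this problem persists.</div>';
}

/**
 * Helper used below to check that none of the given identifiers appear in the
 * fragment that would be sent to the client.
 */
function leaks_identifier(string $html, array $identifiers): bool
{
    foreach ($identifiers as $id)
    {
        if (strpos($html, $id) !== false)
        {
            return true;
        }
    }
    return false;
}

// Constructed sample resembling the message quoted in the report.
$sample = "SQL ERROR [ mysqli ]\n"
        . "Access denied for user 'dev_user1'@'localhost' to database 'dev_phpbb_db' [1044]";
$secrets = array('dev_user1', 'dev_phpbb_db');

// Production: DEBUG is not defined, so the client must not see the user or database name.
$public = display_error_message($sample, defined('DEBUG'));
echo 'production output: ', $public, PHP_EOL;
echo 'leaks identifiers: ', leaks_identifier($public, $secrets) ? 'yes' : 'no', PHP_EOL;

// Development: once DEBUG is defined, the same call returns the full text.
define('DEBUG', true);
$dev = display_error_message($sample, defined('DEBUG'));
echo 'debug output: ', $dev, PHP_EOL;
echo 'leaks identifiers: ', leaks_identifier($dev, $secrets) ? 'yes' : 'no', PHP_EOL;
```

Run it with `php example.php`; the first output contains only the generic notice (and the real message lands in the PHP error log), while the second, after DEBUG is defined, contains the full text. The same check can be used against a live board by requesting a page as a guest while the database credentials are deliberately wrong and confirming the response body contains neither the user nor the database name.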