There aren't really any innate problems with running a debug app. If someone grabs your unlocked phone, enables Developer Mode, and starts debugging they might be able to grab sensitive information from the app's memory slightly more easily xe2x80x94 but that's not particularly realistic and easily countered with a lock screen.
Debug information will also make it harder to make use of security through obscurity, which we all know is not real security. This obviously isn't even a factor when it comes to open-source apps, since they can simply inspect the source to find a flaw.
However, the specifics of what code paths you've added for debugging can definitely be security holes. Maybe for testing and verification purposes, the debug version writes the user's password out to logcat when they sign in, for example. There is a great deal of PII that could be exposed this way.
For an end user, all that you know is that it's probably more likely for an arbitrary app to leak information if it's a debug version. Unless you are searching for it yourself, you're not likely to see it. That's probably enough reason to avoid such apps xe2x80x94 doubly so since a developer who doesn't know the difference between Release and Debug versions is probably not protecting your data very competently either.
Dan Hulme also made a good point in chat: A debug version probably won't be properly signed, meaning that it could be "upgraded" from a malicious source. I would again presume this to be an unlikely occurrence, but it is another point against it.