During development of our upcoming MODx extra, I just made my thoughts about the MODx error log and if this file is kind of a security "problem"?
Many (if not most) modx sites have their core folder in webroot therefore the error log is reachable through the web (
http://www.mysite.com/core/cache/logs/error.log).
I just made a short test and had a view in some error logs of MODx driven sites. You can find interesting informations in this logs (file structure, database tables, and so on ...)
What I'd like to say is that I think - as a developer - you should carefully decide which informations you write into the error.log.
How do you secure the MODx error.log?
best wishes,
Martin