RFC-capable function modules can contain sensitive data, such as, password or credit card numbers. When debugging a remote-capable function module this data can be read in the plain text.
Such RFC function modules are, for example, in user administration (BAPI_USER_CREATE1) or RFC destination maintenance (DEST_SET_PASSWORD), but also in many other areas.
It is therefore important to only grant debugging authorizations restrictively and only to those who are trustworthy.
Debugging authorizations are defined with the authorization object S_DEVELOP.
You can find out more about debugging under: