IMO this should be on by default because sensitive / private information could be leaked.

Part of me agrees, but I am also concerned that it will degrade the quality of bug reports, leading to people reporting very generic database error messages. Perhaps my concern can be met by ensuring the error messages get a coordinating ID against what goes into the telemetry (assuming the user has that enabled). We'd also need to make sure that users of sites can report errors in clear way, because the error log doesn't have stack traces and I'm not sure if the admins will have error notifications turned on. Maybe we need to consider coordinating IDs in the error log and automatically linking to some directory of dumped stack traces. We already have a system whereby error messages can be replaced with a generic error screen, with actual traces logged into a directory - perhaps that needs merging with these ideas.