You could easily be giving the crackers information that is very useful to them. Like, for example "hey look this CGI program is implemented in Perl". Even that seemly innocuous piece of information tells them useful things that they shouldn't know. They know that Perl is installed on your web server. Depending on the error they see, they may have clue as to the version. Some (old) versions of Perl have CERT security advisories against them. You don't want crackers knowing that you're running these versions.

Always remove fatalsToBrowser from production code, but leave in use CGI::Carp as it will give you well-formatted and timestamped messages in the error log.

If the answer to this question is no, is there a standard dienice routine, or should you roll your own?

I'm far from convinced of the need for a dienice as you see described in many beginners CGI books. In many cases the default web server "500 error" page works just as well and you've got all the details in the error log.

--
<http://www.dave.org.uk>

"The first rule of Perl club is you do not talk about Perl club."
-- Chip Salzenberg