What are the security implications of using an app built "for debug"?
8 votes · 2 answers · 2010 views
I've just come upon several `.apk` files hosted with GitHub projects which are "compiled for debug" (i.e. having `application-debuggable` set, which one can e.g. check using `aapt dump badging /path/to/apk | grep debuggable`). Not being an Android dev, I only have vague ideas what that is for (extended debugging via ADB) – but that's not the question here.
**My question is from a *pure end-user perspective:* What are the (security) implications of installing/using such an app? What are the risks one must be aware of?**
Of course I searched the web for hints on this, but again only got vague hints like "thou shalt not", and "for a release this should be switched off" – no reasons, no background. For that one could think "obviously no big deal" – but notes like *Do spend some time thinking about the security implications for your users* in this context (see [this answer](https://stackoverflow.com/a/15392081/2533433) at SO) suggest differently.
Can anyone here provide some insights?
Asked by Izzy
(91606 rep)
Mar 23, 2016, 11:32 PM
Last activity: Oct 22, 2022, 05:05 PM
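The `aapt dump badging` check mentioned in the question, as an added example that is not part of the original post: it audits several APKs at once and matches the bare `application-debuggable` line exactly, because a plain `grep debuggable` also hits package names or labels that merely contain the word. The function names and the two sample badging outputs are constructed for illustration; `aapt` is assumed to be on `PATH` when real files are passed.

```shell
#!/bin/sh
# Classify `aapt dump badging` output read on stdin.
# aapt prints a bare "application-debuggable" line when android:debuggable is true.
badging_state() {
    if grep -q '^application-debuggable[[:space:]]*$'; then
        echo debuggable
    else
        echo release
    fi
}

# Extract the package name from badging output read on stdin.
badging_package() {
    sed -n "s/^package: name='\([^']*\)'.*/\1/p" | head -n 1
}

# Print "file <TAB> package <TAB> state" for every APK given as an argument.
audit_apks() {
    for apk in "$@"; do
        if ! out=$(aapt dump badging "$apk" 2>/dev/null); then
            printf '%s\t-\tunreadable\n' "$apk"
            continue
        fi
        pkg=$(printf '%s\n' "$out" | badging_package)
        state=$(printf '%s\n' "$out" | badging_state)
        printf '%s\t%s\t%s\n' "$apk" "$pkg" "$state"
    done
}

# Constructed sample: a debug build.
SAMPLE_DEBUG="package: name='org.example.demo' versionCode='1' versionName='1.0'
application-label:'Demo'
application-debuggable"

# Constructed sample: a release build whose package name contains "debuggable",
# which a plain substring grep would wrongly flag.
SAMPLE_RELEASE="package: name='org.example.debuggable.notes' versionCode='7' versionName='1.6'
application-label:'Notes'"

# Audit real files only when paths are supplied on the command line.
if [ "$#" -gt 0 ]; then
    audit_apks "$@"
fi
```

Run it as `sh audit.sh *.apk` (the script file name is an assumption); any row marked `debuggable` is a build with the flag the question describes.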