In the HEDIR (Human Edited Directory) today, there's a post of an interview with Dmitri Dmitrienko, the author of the DBG Debugger, a popular PHP debugging option.
They talk a bit about the debugger and about what developers are really looking for when it comes to debugging (remote debugging). Dmitri mentions some of the "trials and tribulations" of testing and moving code around to get it out to production. He also gives his opinion on the interviewer's concerns about remote debugging:
It goes without saying that the access to the server should be given only to authorized personnel, especially if the test server is located outside of local intranet. You should also make sure that remote debugging is done by qualified developers only. The person, who started remote debugging session has a great power - he or she can run SQL statements, make calls to fopen or fwrite or other equally dangerous functions. That is why we never get tired of saying - use SSH tunneling for remote debugging.