Here is another question to look at:
Are there any security issues leaving the PDB debug files on the live servers?
And more info on PDB files:
PDB Files: What Every Developer Must Know
In general, I always include pdb files in my deployments, the gains are too huge to ignore.
If you never expose a stack trace to your users (and generally you shouldn’t), there isn’t really any additional security risk of deploying PDB files.
When a user visible stack trace happens, the user can see the full stack trace including your file name and file line numbers. This could give them some idea of how your app is architected which would potentially help them if hacking.
A bigger security threat is something like Reflector which when used on your DLLs will allow them to view your source code, with or without pdb files.