That assumes developers with access to the database are a _threat_, which is not exactly the posture one might expect or prefer.

If your database error messages are exposed to users that actually are a threat ... that already seems like a world of pain.