One of my co-workers( Glen Gordon)  found a good article,  @ http://scottcate.mykb.com/Article_D5C6F.aspx

Bottom line: secure the trace.axd file with an entry in web.config. J

<location path="trace.axd">
        <system.web>
            <authorization>
                <allow users="admin" />
                <deny users="*" />
            </authorization>
        </system.web>
  </location>