security groovy xwiki

Hide Groovy stack trace in XWiki macros


I'm developing a Groovy macro in XWiki, and at present the stack trace generated when the macro fails is invaluable to debugging. However, it does seem to be a security hole when others use it. Is there a way to turn stack traces off, perhaps just for users without programming rights?


Solution

  • First, if by security hole you mean that the user can see the Groovy code, then any user that has view right on a document can technically view that code anyway, so hiding the stack trace is not going to completely hide it.

    Now for the answer to your question: the error is not really configurable, so the only way I can think of would be to patch either the script macro (https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwiki-platform-rendering/xwiki-platform-rendering-macros/xwiki-platform-rendering-macro-script/src/main/java/org/xwiki/rendering/macro/script/AbstractScriptMacro.java#L286) or the more generic MacroErrorManager (https://github.com/xwiki/xwiki-rendering/blob/master/xwiki-rendering-transformations/xwiki-rendering-transformation-macro/src/main/java/org/xwiki/rendering/internal/transformation/macro/MacroErrorManager.java).