What security problems could come from exposing phpinfo() to end users?

滥情空心 2020-12-01 10:27

If a phpinfo() dump is shown to an end user, what is the worst that a malicious user could do with that information? What fields are most unsecure? That is, if

6 answers
  •  佛祖请我去吃肉
    2020-12-01 10:37

    Besides the obvious like being able to see if register_globals is On, and where files might be located in your include_path, there's all the $_SERVER ($_SERVER["DOCUMENT_ROOT"] can give clues to define a relative pathname to /etc/passwd) and $_ENV information (it's amazing what people store in $_ENV, such as encryption keys).
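For checking your own server, the fields named in the answer above can be flagged automatically in a saved phpinfo() page. This is an added example, not part of the original answer; the row layout (`class="e"` name cell, `class="v"` value cells), the secret-name pattern and the sample rows are assumptions made for illustration.

```python
import html
import re

# One phpinfo() HTML row: a class="e" name cell, then one or two class="v" cells.
# Assumed layout; adjust the pattern if your PHP build renders rows differently.
ROW = re.compile(r'<tr><td class="e">(.*?)</td><td class="v">(.*?)</td>', re.S)
# Hypothetical naming heuristic for variables that tend to hold secrets.
SECRET_NAME = re.compile(r"key|secret|passw|token|credential", re.I)
PATH_FIELDS = ("DOCUMENT_ROOT", "SCRIPT_FILENAME", "include_path")


def audit_phpinfo(page: str) -> list[tuple[str, str]]:
    """Return (category, field name) findings; values are never echoed."""
    findings = []
    for raw_name, raw_value in ROW.findall(page):
        name = html.unescape(raw_name).strip()
        value = html.unescape(raw_value).strip()
        if name == "register_globals" and value.lower() in ("on", "1"):
            findings.append(("dangerous-setting", name))
        elif any(field in name for field in PATH_FIELDS):
            findings.append(("filesystem-path", name))
        elif SECRET_NAME.search(name) and value and "no value" not in value:
            findings.append(("possible-secret", name))
    return findings


# Constructed sample rows, not taken from a real server.
SAMPLE = """
<tr><td class="e">register_globals</td><td class="v">On</td><td class="v">On</td></tr>
<tr><td class="e">include_path</td><td class="v">.:/usr/share/php</td><td class="v">.:/usr/share/php</td></tr>
<tr><td class="e">_SERVER["DOCUMENT_ROOT"]</td><td class="v">/var/www/example/htdocs</td></tr>
<tr><td class="e">_ENV["APP_ENCRYPTION_KEY"]</td><td class="v">constructed-placeholder</td></tr>
<tr><td class="e">_ENV["LANG"]</td><td class="v">C</td></tr>
<tr><td class="e">session.save_path</td><td class="v"><i>no value</i></td><td class="v"><i>no value</i></td></tr>
"""

if __name__ == "__main__":
    for category, name in audit_phpinfo(SAMPLE):
        print(f"{category:18} {name}")
```

Any finding is a reason to remove the page or put it behind authentication; a "possible-secret" hit also means the value should be rotated if the page was ever publicly reachable.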
