If you use the Session object to hold user state, the transition from ASP3 to ASP.NET is a bear.
and more importantly... why is ASP Script Debugging enabled?
Actually "echo errors to client" is enabled - useful for troubleshooting errors in new code. Turning it off does seal a mild kind of "information disclosure" but sometimes the error troubleshooting is so valuable that it's almost worth leaving it on.
Ideally there'd be a way to specify some kind of authorization method to be able to show errors only to certain developers/testers, and not to the general public.