In general I think this is fine (if we don't forget to document it :) ).

It would give people a way to influence the behaviour there, if they need to,
e. g. the example you gave via using "gdb -p". So this is a convenience
feature mostly, the way I see it.

I have two comments, though. The first one you wrote yourself, security issues.

I am not sure what/if security-related issues can arise, so I am not really
qualified to comment. It may help if we could put specifics into this, e. g.
what might be a real issue here (I really don't know).

The other part is the name; I understand the prefix "RUBY_", this is fine
IMO. Makes sense to assume that those prefixed with "RUBY_" should refer
to the programming language ruby.

The part "ON_BUG" is a bit strange. I understand that you refer to the
function rb_bug() (in C I guess). But I still find the name a bit strange;
to be "ON_BUG" implies some conditional such as "on bug, do this". But I
don't have an alternative suggestion and any name could be re-considered
at a later time; or it is not so important anyway, since this is only for
debugging. So I think the functionality itself is fine.

If this is approved and added, I would recommend to also describe the
assumed use cases for it, e. g. "gdb -p" and whether other debuggers can
be used too. Describing these use cases may be helpful for a later time
when the software ecosystem may be different to e. g. 2019.

There is no comment so I pushed this change.