I maintain a few ldap based samba domain controllers and will always choose one site to do a world upgrade. The one I chose on 19th April just happens to have a bunch of Appgen users to access the server with telnet. I had done an emerge --syn -q and then emerge -ua world to get a list of what would be updated first. I found sys-auth/nss_ldap-264-r1 as a package to be updated in the list that I decided would be fine so hit y and let it roll! It did not take to long before I had a call from the customer saying they where now seeing ldap messages in all their telnet client screens. 
On further investigation I found that they were actually nss_ldap debug messages.
I decided - no probs lets just go back to the older version of nss_ldap!
Emerge -Ca nss_ldap && emerge =sys-auth/nss_ldap-258.
It was just the same. After hours of trying to find why nss_ldap produced the debug messages I eventually found a comment via google that talked about adding enable debug when running configure! I then looked at the nss_ldap ebuilds and everyone in the portage tree now has debug in the IUSE line!
The solution was simple! put a -debug into /etc/portage/package.use for nss_ldap!

Reproducible: Always

Steps to Reproduce:
1.emerge nss_ldap with default ebuild IUSE flags in a world update
2.
3.

Actual Results:  
nss_ldap now litters everything with debug messages. User stdout/stderr log files.

Expected Results:  
nss_ldap ebuild should give and message on emerging that warns about the now enable debug flag!

It is only going to happen on a system using ldap for user accounts.
Whether those accounts are on a local or remote ldap server
I might have picked it up if I had done an emerge -uav world and seen this new use flag! But I sort of trust developers to give a warning message about newly added IUSE flags!