I have been running XAMPP on Windows 2008 R2 for many years now, I'm only using Apache, MySql and FileZilla. I have made many custom adjustments and upgraded it serveral times. I have addressed all the security issues I have been able to find. Running as services, the servers are never down as long as Windows Server is up. They are incredible stable. Why on earth do people tell me I should not do this? None of the Q or A's I have seen here deals with the specifics, most of them ends up in typically "it's not recommended", "it's says so on the XAMPP web site, therefore it's bad". I understand that you shouldn't use XAMPP out of the box for production because it is not secure. But having changed all root users, using https/certificate instead of plain http, using MySQL users with limited privileges in my scripts, using prepared statements (either PDO or mysqli) in php MySQL queries, catching exeptions, handling errors, protecting file folders and the nitty gritty of php programming I cannot see why I can't continue to use XAMPP for production. I have NEVER experienced ANY trouble. I have settled with the perception that security is not the main problem, there must be something else. Maybe scalability or manageability of large websites with millions of users (which is not my case)? Please tell me, but only if know what you are talking about!
EDIT: I got a noteworthy comment elsewhere:
It's just not meant to do anything more than development and boutique use. And the opinion based comments tell you why the exchanges tend to kick these kind of questions off as people who've worked with XAMPP and WAMP kind of have been there and weren't impressed, but didn't bother to gather empiric data to back up their opinion.
This is a fair comment, and it might also be THE best answer I will ever get, but it I can live with that. It is great cue for exploring new computer architectures for my software.
Like you say yourself, it's all about security and out-of-the-box, XAMPP is pretty insecure. Apart from that there are no real drawbacks that I can see. The software in XAMPP is regularly used in stable, secure, commercial systems. It takes a bit of knowledge and time to configure XAMPP to become secure enough for production use (and this is the reason why people keep telling you not to do it), but since it looks like you've got it covered there should be no problem.