Hi,
Was your employer comfortable with a hosted bug tracking solution, or it just had to be in house for security/paranoia reasons?
I can see small teams of remote developers benefiting from it, but most bosses (i would think) would be to paranoid to let someone else know of their internals.
I make the call on this myself and I prefer the hosted solution because it reduces the maintenance overhead. We have a small team.
Once you choose a reputable solution then the fear of exposing your internal business is not there. I don't want my team spending time trying to maintain servers, I want them developing software.
I would imagine that larger teams would have a different perspective.
In-house due to security concerns of having data off-premises.
Cost vs Benefit mitigates paranoia in my experience. If you can outsource and save a bunch of money doing it (or free up critical internal resources) its amazing how security can become less important and/or more easily satisfied by appropriate business/service agreements.
The other aspect to consider is the big picture. What else is outsourced? E.g. if your email is outsourced, that's likely far more critical. What about faxes? Or backups? Or phone calls? Or your internet itself? In this bigger realm, the bug tracking system might be the least of concerns.
Finally, just who is "someone else"? Is there a competitor motivated enough to find the outsource vendor, break their security and get into your bug system? And is that really so much harder than someone breaking into an internally hosted solution?
Yeah, I've worked with companies that have outsourced bug tracking (and svn) and been very happy with the results. The business benefits and far lower costs of outsourcing to reputable companies that do this well vs doing it internally have offset the perceived risks many times over.
Good luck!