How safe is it to have a pdb released with the exe's?
If I'm reading correctly (https://github.com/Microsoft/microsoft-pdb), PDBs contain debug information. If you were to release one to the customer alongside the exe, would it pose a risk of customers or end-users being able to find out the source code?

I'd probably think it's possible if you attach Visual Studio to the process. I haven't tried it myself, but I'm fairly sure you wouldn't need the source code stuffed away somewhere in order to use the PDB to see the entry points and eventually the entire route some data would have taken.

If so, is there a way to prevent the end user from doing this?

Drayage answered 10/5, 2017 at 16:30
There is no way for you to prevent a user from finding out what your program does, if the user has enough knowledge.

Even without PDBs, a technique called reverse engineering could be used to find out what your program does. Programs like IDA Pro are really good at it. Programming languages like C# and Java that use an intermediate language are almost delivered in source code. Tools like dotPeek can show decompiled source code and it's unbelievable how close it is to real source code.

Regarding PDBs, there are public PDBs and private PDBs. You would usually give the public PDBs to the public (as the name suggests) and keep the private PDBs for internal debugging purposes. It's possible to convert private PDBs (which contain more information) to public PDBs using a tool called PDBCopy (use the -p parameter).

Simplified, you can think like this: public PDBs contain information about methods that have the public keyword (or equivalent, depending on your programming language), private PDBs have information about all methods (protected, internal, private and whatever keywords there are).

PDBs do not contain source code; they only contain a link to the file that was used at compile time. That way, people could figure out the local file structure of the build server, which might be considered a security risk. IMHO, it's acceptable.

Personally I would not worry too much about giving away public PDBs. Even Microsoft does it for Windows. And you can figure out the local directory structure of Microsoft's build server ;-)

For example, the file combase.pdb (with symstore hash 10EDC6786A36FBF7D9EE585F00212CB41) contains (among others)

d:\os\obj\x86fre\onecore\com\combase\dll\objfre\i386\combase.def
onecore\base\appmodel\common\removedirectorytree.cpp
Grier answered 10/5, 2017 at 20:6

Comment by Emphatic: In Public and Private Symbols is a full description of what's contained in public and private PDBs.
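As an added example (not code from the answer, nor a Microsoft tool), a small pre-release check that applies the PDBCopy -p step the answer describes and then scans the resulting public PDB for the kind of build-server paths quoted above. It assumes pdbcopy.exe from Debugging Tools for Windows is on PATH; the sample bytes are constructed for the check and are not a real PDB.

```python
"""Pre-release check for a PDB: strip private symbols with PDBCopy -p, then
scan the public PDB that remains for build-machine paths it still carries.
Hypothetical helper (not the page's code); pdbcopy.exe assumed on PATH."""
import re
import subprocess
import sys
from pathlib import Path

# Runs of 6+ printable ASCII bytes, the way `strings` finds them; PDB name
# tables store source paths as NUL-terminated ASCII, so each path is one run.
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")
SOURCE_EXT = (".cpp", ".c", ".h", ".hpp", ".def", ".asm", ".rc", ".cs")


def extract_paths(data: bytes) -> list[str]:
    """Return path-like strings in file order, without duplicates: absolute
    Windows paths (drive letter + ':\\') and relative source-file paths."""
    found: list[str] = []
    for match in PRINTABLE.finditer(data):
        text = match.group().decode("ascii")
        is_abs = text[1:3] == ":\\"
        is_src = "\\" in text and text.lower().endswith(SOURCE_EXT)
        if (is_abs or is_src) and text not in found:
            found.append(text)
    return found


def build_roots(paths: list[str]) -> set[str]:
    """Top two directory levels of each absolute path (e.g. 'd:\\os'): the
    part that reveals the build server's layout rather than a file name."""
    return {"\\".join(p.split("\\")[:2]) for p in paths if p[1:3] == ":\\"}


def make_public_pdb(private_pdb: Path, public_pdb: Path) -> None:
    """pdbcopy <src> <dst> -p keeps only the public symbols; raises on failure."""
    subprocess.run(["pdbcopy", str(private_pdb), str(public_pdb), "-p"], check=True)


# Constructed sample bytes (not a real PDB): the two strings the answer quotes
# from combase.pdb plus two non-path strings that must be ignored.
SAMPLE = (b"\x00" * 4
          + b"d:\\os\\obj\\x86fre\\onecore\\com\\combase\\dll\\objfre\\i386\\combase.def\x00"
          + b"onecore\\base\\appmodel\\common\\removedirectorytree.cpp\x00"
          + b"HelperFunctionName\x00Some status text\x00")

if __name__ == "__main__":
    src, dst = Path(sys.argv[1]), Path(sys.argv[2])
    make_public_pdb(src, dst)
    leaked = extract_paths(dst.read_bytes())
    print(f"{len(leaked)} path strings remain; build roots: {build_roots(leaked)}")
```

Run as `python check_pdb.py private.pdb public.pdb`; the path list tells you what a customer could learn about your build layout even after the private symbols are gone.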
A PDB does not contain source code. It contains the names of symbols (functions, classes, global variables) and information about source file names/lines (how to convert an RVA to a file/line). So a PDB does not give the user your source code, but it does give, say, the names of your source files with their full paths in your file system, and all internal symbol names.

Octastyle answered 10/5, 2017 at 17:14