It's true that internal (e.g. security) related errors should not be exposed to the user. This way you don't provide malicious users any critical info that might expose bugs or security holes whereby the integrity is improved. As you already wrote in your question, depending on what kind of error it is, you might return a 404 error page.
In case of e.g. CSRF form protection, revealing errors might even break the security measure depending on the implementation and data exposed.
I recommend you have a look on Google Webmaster Tools Help and on Wikipedia where the (4xx) HTTP Status Codes are explained in detail. Then choose the most appropriate for your use case.
Use the PHP.ini and/or .htaccess to turn off error reporting (depends on your server setup - I assume you use Apache). There are several things you can do to not return errors and critical information to the user. For example, you might stop the server from sending the PHP version (the X-Powered-By header) to the users browser. You can override it or remove it completely. Then also use "pretty urls" to prevent the user from knowing your server side programming language. Also the most common measure I've seen is to disable "error_reporting" (which is standard for production code anyway - laravel provides error reporting options in the app config). Also have a look at this site: Advanced PHP Error Handling via htaccess .
In the comments Thomas mentioned another case where it's recommended to get as much data as is available for logging and solving issues. I don't know your programming skills and experience, but have a search on Google about your specific question. Trust me, the answers are out there already. Don't search specifically for Laravel at first, as this might not return the desired results. Try to adapt the given solutions to the Laravel Syntax yourself. This also helped me to get to know the framework better.
To make it short, decide depending on your use case on what to return to the user. Also consider if showing info at all is essential.
In case you're still struggling, let me know and we'll try to get it solved.
