diff --git a/tools/lint b/tools/lint
index c90e6d22d4..ffa85b2935 100755
--- a/tools/lint
+++ b/tools/lint
@@ -187,15 +187,6 @@ def run() -> None:
 "--error",
 "--disable-version-check",
 "--quiet",
- # This option is dangerous in the context of running
- # semgrep-as-a-service on untrusted user code, since it
- # causes Python code in the rules configuration to be
- # executed. From our standpoint, it is required for
- # `pattern-where-python` rules, and there's no real
- # security impact, since if you can put arbitrary code
- # into zulip.git, you can run arbitrary code in a Zulip
- # development environment anyway.
- "--dangerously-allow-arbitrary-code-execution-from-rules",
 ]
 linter_config.external_linter(
 "semgrep-py",