Malicious people will ALWAYS find a way to hide their payloads. Some are more obvious than others. The semicolon is barely relevant here.
Sloppy code is also always going to exist, again regardless of any specific problem. Is this good code?
try: obj.func()
except AttributeError: pass
Not really, no; but it doesn’t use a semicolon.
Oh, sorry. You don’t want semicolons. Lemme rephrase.
Not really, no.
Still, it doesn’t use a semicolon.
The semicolon has a perfectly reasonable use both in English and in Python. The fact that you don’t OFTEN see it does not mean that it is unimportant.
In addition, you won’t solve anything by deprecation. Malicious users aren’t going to be stopped by deprecation. Sloppy code won’t be bothered by anything until there’s at least a warning, and even then, there’ll need to be a way to silence the warning since legit code will need to still use this. So people will just slap that warning-silencer at the top of their code and move on.
How do I know this? Search the web for “pip environment is externally managed” and see how many posts explain how to override the check, usually after first suggesting a venv, but not always. We had a discussion of the problem here on Discourse a few months back. When you put artificial pain into something to try to force people to act differently, most people’s response will be “what’s the easiest way to stop the pain”. And that’s true even when there’s a legit reason to make the change, as with the pip example.
Deprecating the semicolon is a waste of time. It won’t achieve anything.