Support have responded to this, specifically in agreement with @floripare,
This is not a paste of their reply…
The vulnerability that this rule is mitigating is:
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
Free plan users can’t disable this rule without upgrading and given that it is not an issue with WordPress’ core function, it is unlikely that this rule will be modified.
The rules active on the free plan are to protect against specific vulnerabilities, as explained in this blog post, this rule is not mentioned, but the principle is similar.
It is not recommended to disable this rule even on a higher plan due to the vulnerability that it is protecting from.