Disabling password expiration poses a security risk as it allows user credentials to remain unchanged indefinitely. This increases the likelihood of compromised accounts going undetected, potentially leading to unauthorized access and security breaches.