diff --git a/pymongo/cursor.py b/pymongo/cursor.py
index 65f270512..78dffc662 100644
--- a/pymongo/cursor.py
+++ b/pymongo/cursor.py
@@ -394,7 +394,7 @@ class Cursor(object):
             # Make a shallow copy so we can cleanly rewind or clone.
             spec = self.__spec.copy()
 
-            # White-listed commands must be wrapped in $query.
+            # Allow-listed commands must be wrapped in $query.
             if "$query" not in spec:
                 # $query has to come first
                 spec = SON([("$query", spec)])
diff --git a/pymongo/mongo_client.py b/pymongo/mongo_client.py
index 64e3e2e4a..a1152cc82 100644
--- a/pymongo/mongo_client.py
+++ b/pymongo/mongo_client.py
@@ -435,12 +435,12 @@ class MongoClient(common.BaseObject):
             ``tlsAllowInvalidCertificates=False`` implies ``tls=True``.
             Defaults to ``False``. Think very carefully before setting this
             to ``True`` as that could make your application vulnerable to
-            man-in-the-middle attacks.
+            on-path attackers.
           - `tlsAllowInvalidHostnames`: (boolean) If ``True``, disables TLS
             hostname verification. ``tlsAllowInvalidHostnames=False`` implies
             ``tls=True``. Defaults to ``False``. Think very carefully before
             setting this to ``True`` as that could make your application
-            vulnerable to man-in-the-middle attacks.
+            vulnerable to on-path attackers.
           - `tlsCAFile`: A file containing a single or a bundle of
             "certification authority" certificates, which are used to validate
             certificates passed from the other end of the connection.
diff --git a/test/test_auth.py b/test/test_auth.py
index 52159e4f3..76b320fcb 100644
--- a/test/test_auth.py
+++ b/test/test_auth.py
@@ -35,7 +35,7 @@ from test.utils import (delay,
                         rs_or_single_client,
                         rs_or_single_client_noauth,
                         single_client_noauth,
-                        WhiteListEventListener)
+                        AllowListEventListener)
 
 # YOU MUST RUN KINIT BEFORE RUNNING GSSAPI TESTS ON UNIX.
 GSSAPI_HOST = os.environ.get('GSSAPI_HOST')
@@ -354,7 +354,7 @@ class TestSCRAM(IntegrationTest):
         super(TestSCRAM, self).setUp()
         self._SENSITIVE_COMMANDS = monitoring._SENSITIVE_COMMANDS
         monitoring._SENSITIVE_COMMANDS = set([])
-        self.listener = WhiteListEventListener("saslStart")
+        self.listener = AllowListEventListener("saslStart")
 
     def tearDown(self):
         monitoring._SENSITIVE_COMMANDS = self._SENSITIVE_COMMANDS
@@ -363,7 +363,7 @@ class TestSCRAM(IntegrationTest):
         super(TestSCRAM, self).tearDown()
 
     def test_scram_skip_empty_exchange(self):
-        listener = WhiteListEventListener("saslStart", "saslContinue")
+        listener = AllowListEventListener("saslStart", "saslContinue")
         client_context.create_user(
             'testscram', 'sha256', 'pwd', roles=['dbOwner'],
             mechanisms=['SCRAM-SHA-256'])
diff --git a/test/test_change_stream.py b/test/test_change_stream.py
index 8c1bec1a6..e891e1403 100644
--- a/test/test_change_stream.py
+++ b/test/test_change_stream.py
@@ -45,7 +45,7 @@ from pymongo.write_concern import WriteConcern
 from test import client_context, unittest, IntegrationTest
 from test.unified_format import generate_test_classes
 from test.utils import (
-    EventListener, WhiteListEventListener, rs_or_single_client, wait_until)
+    EventListener, AllowListEventListener, rs_or_single_client, wait_until)
 
 
 class TestChangeStreamBase(IntegrationTest):
@@ -60,8 +60,8 @@ class TestChangeStreamBase(IntegrationTest):
         return self.change_stream_with_client(self.client, *args, **kwargs)
 
     def client_with_listener(self, *commands):
-        """Return a client with a WhiteListEventListener."""
-        listener = WhiteListEventListener(*commands)
+        """Return a client with a AllowListEventListener."""
+        listener = AllowListEventListener(*commands)
         client = rs_or_single_client(event_listeners=[listener])
         self.addCleanup(client.close)
         return client, listener
@@ -445,7 +445,7 @@ class APITestsMixin(object):
 
 class ProseSpecTestsMixin(object):
     def _client_with_listener(self, *commands):
-        listener = WhiteListEventListener(*commands)
+        listener = AllowListEventListener(*commands)
         client = rs_or_single_client(event_listeners=[listener])
         self.addCleanup(client.close)
         return client, listener
@@ -474,7 +474,7 @@ class ProseSpecTestsMixin(object):
         """Predicts what the resume token should currently be for server
         versions that support postBatchResumeToken. Assumes the stream has
         never returned any changes if previous_change is None. Assumes
-        listener is a WhiteListEventListener that listens for aggregate and
+        listener is a AllowListEventListener that listens for aggregate and
         getMore commands."""
         if previous_change is None or stream._cursor._has_next():
             token = self._get_expected_resume_token_legacy(
@@ -1047,7 +1047,7 @@ class TestAllLegacyScenarios(IntegrationTest):
     @client_context.require_connection
     def setUpClass(cls):
         super(TestAllLegacyScenarios, cls).setUpClass()
-        cls.listener = WhiteListEventListener("aggregate", "getMore")
+        cls.listener = AllowListEventListener("aggregate", "getMore")
         cls.client = rs_or_single_client(event_listeners=[cls.listener])
 
     @classmethod
diff --git a/test/test_cursor.py b/test/test_cursor.py
index f5b6e4923..09020a6de 100644
--- a/test/test_cursor.py
+++ b/test/test_cursor.py
@@ -44,7 +44,7 @@ from test.utils import (EventListener,
                         OvertCommandListener,
                         ignore_deprecations,
                         rs_or_single_client,
-                        WhiteListEventListener)
+                        AllowListEventListener)
 
 
 class TestCursor(IntegrationTest):
@@ -231,7 +231,7 @@ class TestCursor(IntegrationTest):
                 10).max_await_time_ms(90)
         self.assertEqual(90, cursor._Cursor__max_await_time_ms)
 
-        listener = WhiteListEventListener('find', 'getMore')
+        listener = AllowListEventListener('find', 'getMore')
         coll = rs_or_single_client(
             event_listeners=[listener])[self.db.name].pymongo_test
         results = listener.results
@@ -349,7 +349,7 @@ class TestCursor(IntegrationTest):
 
     def test_explain_with_read_concern(self):
         # Do not add readConcern level to explain.
-        listener = WhiteListEventListener("explain")
+        listener = AllowListEventListener("explain")
         client = rs_or_single_client(event_listeners=[listener])
         self.addCleanup(client.close)
         coll = client.pymongo_test.test.with_options(
@@ -1221,7 +1221,7 @@ class TestCursor(IntegrationTest):
         gc.collect()
         self.client._process_periodic_tasks()
 
-        listener = WhiteListEventListener("killCursors")
+        listener = AllowListEventListener("killCursors")
         results = listener.results
         client = rs_or_single_client(event_listeners=[listener])
         self.addCleanup(client.close)
@@ -1268,7 +1268,7 @@ class TestCursor(IntegrationTest):
 
     @client_context.require_version_min(3, 6)
     def test_getMore_does_not_send_readPreference(self):
-        listener = WhiteListEventListener('find', 'getMore')
+        listener = AllowListEventListener('find', 'getMore')
         client = rs_or_single_client(
             event_listeners=[listener])
         self.addCleanup(client.close)
diff --git a/test/test_encryption.py b/test/test_encryption.py
index adab7221d..4c9e28b58 100644
--- a/test/test_encryption.py
+++ b/test/test_encryption.py
@@ -60,7 +60,7 @@ from test.utils import (TestCreator,
                         camel_to_snake_args,
                         OvertCommandListener,
                         TopologyEventListener,
-                        WhiteListEventListener,
+                        AllowListEventListener,
                         rs_or_single_client,
                         wait_until)
 from test.utils_spec_runner import SpecRunner
@@ -1287,7 +1287,7 @@ class AzureGCPEncryptionTestMixin(object):
             keyvault_namespace,
             schema_map=self.SCHEMA_MAP)
 
-        insert_listener = WhiteListEventListener('insert')
+        insert_listener = AllowListEventListener('insert')
         client = rs_or_single_client(
             auto_encryption_opts=encryption_opts,
             event_listeners=[insert_listener])
diff --git a/test/utils.py b/test/utils.py
index 43528b31d..d58c61667 100644
--- a/test/utils.py
+++ b/test/utils.py
@@ -162,23 +162,23 @@ class TopologyEventListener(monitoring.TopologyListener):
         self.results.clear()
 
 
-class WhiteListEventListener(EventListener):
+class AllowListEventListener(EventListener):
 
     def __init__(self, *commands):
         self.commands = set(commands)
-        super(WhiteListEventListener, self).__init__()
+        super(AllowListEventListener, self).__init__()
 
     def started(self, event):
         if event.command_name in self.commands:
-            super(WhiteListEventListener, self).started(event)
+            super(AllowListEventListener, self).started(event)
 
     def succeeded(self, event):
         if event.command_name in self.commands:
-            super(WhiteListEventListener, self).succeeded(event)
+            super(AllowListEventListener, self).succeeded(event)
 
     def failed(self, event):
         if event.command_name in self.commands:
-            super(WhiteListEventListener, self).failed(event)
+            super(AllowListEventListener, self).failed(event)
 
 
 class OvertCommandListener(EventListener):