=== What is the potential impact?

Establishing trust in a secure way is a non-trivial task. When you disable
certificate validation, you are removing a key mechanism designed to build this
trust in internet communication, opening your system up to a number of potential
threats.

==== Identity spoofing

If a system does not validate certificates, it cannot confirm the identity of
the other party involved in the communication. An attacker can exploit this by
creating a fake server and masquerading as a legitimate one. For example,
they might set up a server that looks like your bank's server, tricking your
system into thinking it is communicating with the bank. This scenario, called
identity spoofing, allows the attacker to collect any data your system sends
to them, potentially leading to significant data breaches.

==== Loss of data integrity

When TLS certificate validation is disabled, the integrity of the data you send
and receive cannot be guaranteed. An attacker could modify the data in transit,
and you would have no way of knowing. This could range from subtle manipulations
of the data you receive to the injection of malicious code or malware into your
system. The consequences of such breaches of data integrity can be severe,
depending on the nature of the data and the system.