I understand that it is probably recommended from a security standpoint to ensure "validate server certificate" is checked on each client and that either a self-signed or Trusted CA (Verisign) certificate be employed.
Can someone give me an example of security risks when validation is not enabled?