Antergos / antergos-iso

Scripts based on archiso to create the Antergos ISO


Insecure download of pacman-boot-updated.zip


Commit c73404a introduced a security vulnerability that could be exploited by a Man-in-the-Middle attack. The attacker would automatically obtain code execution privileges as root.

  • Why was the certificate check disabled?
  • Is there an alternative solution to the problem fixed by the above commit?

The commit did not introduce a security vulnerability. There are numerous reasons why the change is not a security issue in the slightest. The first that comes to mind is that we do not use SSL connections to download packages from the antergos and arch repos anyway. So this change really is no different than the status quo prior to the change. Unless you have something specific in mind that I have overlooked?

I'll admit I don't fully understand the whole process and you're probably right when you say that that particular commit does not cause a security issue. But line 92 of pacman-boot looks troublesome to me:
What it appears to do is insecurely download a file from an HTTP server, unzip it and run it (all while being root or root-equivalent, if I'm not mistaken).
No security issue has been added, but that's just because the process was insecure all along.

Is antergos really doing this at the moment?
Also I'm sorry if I came across as rude, I'm just worried.

No worries. I appreciate your bringing this up for further consideration and review. While the chance of this being the target of some would-be attacker was so incredibly slim (I mean, really slim) at the time the change was made, after these public comments and those on IRC I am no longer confident that that is still the case. We operate on a "take no chances" policy when it comes to security related decisions, thus I will take action to address this asap!

Cheers!
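The thread above describes a step that fetches pacman-boot-updated.zip over plain HTTP, unzips it and runs it as root. The script below is an added example, not code from the issue or from the antergos-iso repository: it keeps TLS certificate verification on and refuses to extract or run anything whose SHA-256 does not match a digest pinned in the script. The URL, the digest and the name of the file inside the archive are placeholders, since the page does not give them.

```shell
#!/bin/sh
# Added example: hardened "download -> verify -> extract -> run" step.
# Placeholder values (not from the page): real URL, digest and archive
# layout must be filled in by the project.
set -eu

UPDATE_URL="https://example.invalid/pacman-boot-updated.zip"   # placeholder
EXPECTED_SHA256="REPLACE_WITH_PINNED_DIGEST"                   # placeholder

# Print the SHA-256 of a file as lowercase hex, without the filename.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Succeed only if the file's digest equals the expected (pinned) digest.
verify_sha256() {
    _file="$1"; _expected="$2"
    [ "$(sha256_of "$_file")" = "$_expected" ]
}

# Download over HTTPS with certificate checking left enabled (no --insecure),
# refusing any non-TLS redirect, then verify before the file is trusted.
fetch_verified() {
    _url="$1"; _expected="$2"; _dest="$3"
    curl --fail --silent --show-error --location \
         --proto '=https' --tlsv1.2 \
         --output "$_dest" "$_url"
    if ! verify_sha256 "$_dest" "$_expected"; then
        echo "digest mismatch for $_dest; refusing to extract" >&2
        rm -f "$_dest"
        return 1
    fi
}

# Extract and execute only after fetch_verified has succeeded.
apply_update() {
    _work="$(mktemp -d)"
    fetch_verified "$UPDATE_URL" "$EXPECTED_SHA256" "$_work/update.zip"
    unzip -q "$_work/update.zip" -d "$_work/unpacked"
    # Assumption: the archive contains a script named pacman-boot at its root.
    "$_work/unpacked/pacman-boot"
}
```

Pinning a digest in the script means the fetched archive can be swapped only by someone who can also change the script itself, which is what the plain-HTTP download did not guarantee.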