Why do you say twApi_DisableCertValidation() does not work? What that does is prevent the checking of the certificate entries to ensure they match those that are set using twApi_SetX509Fields().
If you want to disable checking valid signing authority of the certificate so that you can use self-signed certificates for demo purposes, you should use the function twApi_SetSelfSignedOk().
If you want to induce MAJOR SECURITY RISKS by disabling encryption altogether then you would use USING_NO_TLS. This should only be used in very limited circumstances where the edge and ThingWorx server are deployed inside a firewall within the same security domain and where deep packet inspection of all traffic is a requirement (i.e. some military installations may require that).
"It's just a demo" is never an excuse to not use encryption. The ThingWorx server ships with self-signed certificates (at least it used to, even if not, it is a simple single command to create one), so using TLS requires very, very little extra effort.
Yes, you are right, not using ecryption shouldn't be recommanded.
I have done several tests with the combination of twApi_DisableCertValidation() and twApi_SetSelfSignedOk(), but seems that doesn't work if you don't use SSL on Thingworx server side, so my purpose is just to give a way for those who doesn't want to use SSL at server side for presales demo.