The definition for "AllowUnauthenticatedConnections" as the name suggested is:
"The default value ensures that MTAs must authenticate with Network Prevent (Email) for TLS communication".
This means when set to TRUE, prevent will disregard certify chain of validations, but will still sustain encrypted data flow. In other words, the connection bypasses the cert-chain and directly enters the cipher negotiation between TSLv1 “Client Hello” (proposer) and “Server Hello” (selector) packets. It has nothing to do with "plain text vs. encrypted text"