TLS is the method used by most IP-based transports to provide encryption. Used to be SSL but that is no longer considered secure. Older versions of TLS are also no longer considered very secure, TLS 1.0 in particular.
The main thing it gives you is point-to-point encryption managed by public and private certificates on the server end. Your client end maintains a list of public key services so that it can establish a chain of trust with the server (that's what you lose when you chose not to validate the servers certificate - basically the client would except any reasonably formed certificate from anyone).
TLS can also provide 2-way authentication - that is less common but gives a nice seamless login experience when being used. You may have used something similar if you have configured certificate-based logins to SSH for example.
When TLS is in use and correctly configured (which isn't actually that easy to do), you can be sure that you are talking to the correct server and you have an encrypted link between your client and the server. Normally, that means that nobody can intercept the communications (which is why hackers generally find it much easier to hack the client or the server itself).
There are exceptions even there though since badly behaving clients or poorly configured servers may allow man-in-the-middle attacks whereby a proxy intercepts the initial TLS handshake and presents its own certificate to the client. It is then able to intercept and read the traffic. This used to be very common in enterprise environments where the organisation wanted to review traffic from its users for audit and security purposes. Largely discredited as a practice now due to the vulnerabilities it can introduce.
Hope that answers your question Colin - though probably in far more mind numbing detail than you really wanted! 
