I have recently changed the implementation to verify SSL certificates, which is used for secured FTP, WebDAV and Amazon S3 connections. Cyberduck 3 will honour the trust settings you can configure in Keychain.app and will display the certificate chain that fails validation upon connecting to a server. Previously, a custom dialog was shown which is now replaced by the same standard dialog (which allows editing the trust settings) used in Safari.app or Mail.app.
Cyberduck 3.0 is expected to be released next month. The current nightly build (use with caution) is available for testing.