RB,
Just curious - have you trolled all these: http://blogs.vmware.com/thinapp/appsync/ ?
We are on the verge of testing AppSync for the first time, so this subject is of great interest to me.
As for whether or not the hash check can be disabled/bypassed, I have a thought. We use SCCM to distribute software and updates. SCCM uses BITS to move the data, and performs checksum/hash verification on the end point prior to implementation of change or advertisement. In other words, if we are using SCCM to advertise an available software installation, the SCCM client will not present the advertisement until it knows all the blocks are good. This mechanism reduces corrupt installation incidences.
I'm guessing that the main reason you're feeling the pain on the app in question is due to its size. My guess is that the average 150-300MB AppSync won't be so bad. I also don't know if you're using SSL for AppSync. Perhaps SSL adds overhead. Lastly, I saw a post not long ago on AppSync and antivirus. http://www.tsmguru.com/vmware/vmware-thinapp-antivirus-best-practices.html