This means that the user (Bob) cannot decrypt it without a currently valid certificate and also that the certificate authority cannot decrypt the message as they don't have the user's private key (i.e., there is no implicit escrow as with ID-based cryptography, as the double encryption means they cannot decrypt it solely with the information they have).
Because the certificate is "public information", it does not need to be transmitted over a secret channel.
This risk can be partially but not completely reduced by having a hierarchy of multiple certificate authorities.
The best example of practical use of certificate-based encryption is Content Scrambling System (CSS), which is used to encode DVD movies in such a way as to make them playable only in a part of the world where they are sold.
However, the fact that the region decryption key is stored on the hardware level in the DVD players substantially weakens this form of protection.