First of all, thank you very much for taking the time to write, I really do appreciate it! :^)
The encryption does happen on-the-fly as the file is never stored outside of the FileVault itself, much like if you were to create your own encrypted image and save a document immediately inside of it as you are working on it. Should the computer crash or be force-rebooted in any way, there would be no trace of the file outside of the vault, even without a proper shutdown procedure that is, provided that the application you are using does not store caches in strange, non-standard places.
However, you are entirely right about FileVault existing in the user space: the FileVault image is mounted as a whole and, as you are logged in, any application running with your privileges or the system privileges can access your files as if they were unencrypted which is necessary for the system to function normally.
Both aspects of FileVault aren't in contradiction but it is true that it might seem surprising at first.
I hope this answers your question and remain at your disposition to provide you with any additional information you may deem useful.