by pieter 5056 days ago
The checkmark he's talking about is only used to bypass the password verification on your Mac -- there's no password or passphrase sent to Apple at any point.

What happens when a user tries to log in without Apple ID is that the Mac sends a request to Apple: "Is this password valid for this Apple ID?". If Apple replies positively, the login request is accepted and the user is allowed access to the system.

See how this doesn't work for FileVault? Since FileVault encrypts the encryption key with the user's password, and the password itself isn't known to Apple, this checkbox can't be used to decrypt the drive.

The main vulnerability here is that it can allow access to a FileVault-enabled system that still has the decryption key in memory -- as is the case by default for any Mac that goes to sleep. Either the checkbox shouldn't disappear if you enable FileVault, or they should make the decision to disable Apple ID-based authentication when FileVault is enabled (which is probably what they tried to do).

If you want your system to really be secure, you need to disable the RAM-based sleep, so that the RAM contents are written to your FileVaulted disk before shutting down completely.