I'm in the same boat; been using FileVault since day one.

I just checked and, sure enough, my cleartext password is visible if I run:

  $ sudo cat /var/log/asl/* | strings | grep 'password ='

So if my laptop were lost or stolen not only would the encryption be worthless, but my login password is available too. This is a big hole.

Guess today's a good day to switch to FDE