It's possible to do a warm reboot into a new kernel without ever powering down and re-initializing RAM.

Also, it may not even be fully rebooting, but instead doing something like killing all processes except init (launchd) which then starts up the installer. I haven't run it, so I don't know exactly what it's doing, but there are several ways to "reboot" without fully rebooting.

You may not have noticed it, but it prompted you for your password as part of the installation wizard. I assume that after that, it saved your password where the boot program could find it. Other full-disk encryption programs have similar capabilities, where they'll automatically unlock an encrypted volume if so configured. This is totally insecure, of course, but in the context of the Mavericks upgrade, it's temporary so I guess that's OK.

The interesting question is this: How well did Apple sanitize whatever bit of disk or flash memory ended up storing the key through the two reboots Mavericks needed to do to complete the upgrade?

Oh, I did notice. The same prompt you get when installing any software. However, my user/password and the disk decrypt password are different passwords, no?

I did it on a 2007 MacBook Pro and I was forced to re-enter my normal account credentials, at which point the installer started up.

Yeah, I was wondering that as well.