I tested this, far away from my Wi-Fi network, and it doesn't light up then.
Apple's support pages say "Unlock FileVault using SSH: On a Mac with Apple silicon with macOS 26 or later, FileVault can be unlocked over SSH after a restart if Remote Login is turned on and a network connection is available." and "Network connectivity for FileVault is necessary to unlock FileVault using SSH and in certain configurations using FileVaultPolicy with Platform Single Sign-on." [1][2]
So that means the Wi-Fi password will be stored outside of the FileVault'ed volume then. (Where?)
Cool, but even "Remote Login" is off for me (no SSO/MDM either) and it still connects to Wi-Fi. I never opted in to Wi-Fi passwords being silently removed from FileVault protection.
Sure, they might "SecureEnclave" that thing or whatever but it's not the same thing. It's similar to the iCloud Password Sync auto-enable issue I had with iOS 17 [3]. The security model gets changed without the user's consent. It's not clear what is stored where.
They just decide something is okay to auto-change after the user made a choice in the past.
I don't think I'm overreacting. It's a seemingly little thing, but it shows how they can (and do) just make moves like that.
[1] https://support.apple.com/en-ca/guide/security/sec8447f5049/web
[2] https://support.apple.com/en-ca/guide/deployment/dep82064ec40/web
[3] https://news.ycombinator.com/item?id=38648725