This article describes an issue about Apple’s FileVault 2 technology and  Mac OS X 10.7.2 update. Prior versions of FileVault 2 in Mac OS X 10.7.1 and 10.7.0 do not exhibit this behavior.
- Here is compiled (from sources) 10.7.2 kernel and a source patch
 - By default this kernel forbids booting into single-user-mode for everyone, if firevault 2  protection is enabled.
- But you can allow one user (e.g. admin or yourself) to boot system to do this, boot into osx typing password for that account at efi login screen.
Then run this command:ioreg -l -w0 -p IODeviceTree | grep efilogin-unlock-ident
you will get result like:
| | “efilogin-unlock-ident” = <"4B012BC6-A948-2893-3454-B345307B8234">
copy the value – 4B012BC6-A948-2893-3454-B345307B8234
And insert it into /Library/Preferences/SystemConfiguration/ under name suallow, just like in example bellow:

Kernel Flags

So, now only the user you choosed can boot single user mode when FV2 enabled, and nobody else.
Now your files can be almost fully secured.