3
Blockchain.info is a hybrid bitcoin wallet with client-side javascript encryption. I understand that the wallet.aes.json where the private keys are stored is encrypted (client-side). But how can transactions be made without the server-side knowing the UNencrypted private key?
2
The private key is needed only to sign the transaction, to authorize it to spend your coins. This is done on the client side. The signed transaction is sent back to the server, which will take care of transmitting it on the Bitcoin network.
A defining feature of public-key cryptography is that it is not feasible to deduce your private key from the signature.
