The CSS URL is being generated dynamically by the theme code, and depends on user settings. For example, the user can specify a custom graphic to use as list bullets, and that custom graphic can be anywhere - usually on the same site, probably within the media library path.
The style.css file is not saved in the "standard" theme directory, but is saved in the /uploads directory. The location, and even the name of the /uploads directory is variable, and on MultiSite versions, will vary depending on which user it is. So even when default theme graphics are included (for gradients, for example), the location of those images are known, but the location of the actual style.css file is not known.
Thus, using relative paths to the style url() graphics is not an option - they have to be a full http:// address.
So I'm assuming that it would be impossible, or impractical to the extreme, to try to filter the url()s within a .css file. Thus, my basic question is: if the url() tags within a style.css file use https:// instead of http://, will they still work when non-secure pages on the site are being displayed?
Apparently, it turns out that when the style code is included in-line in the <head> block (instead of being included from a file), that everything is fine - even though the url()'s in the inline code use http://, they don't generate an insecure access. This leads me to believe that your plugin is filtering all output and changing all http:// to https:// more or less blindly, which seems like a reasonable approach.
Since my theme has an option to include the css inline rather than via a file, at worst case the user could use that for secure sites. But there are other good reasons to put the dynamically generated style into a file, and it would be preferable to keep that option.
My basic personal inexperience in just what an https:// reference from a .css file will really do is the reason for my question here.