The EncFS is mounted locally (client-side), so the files aren't decrypted at all on the server-side. You're just syncing fully encrypted files.

If encryption is done client-side, the data is still encrypted server-side and chrooting does nothing.

What do you mean by 'vulnerable'? All encryption is done on your computer/notebook, so a chroot on the server doesn't decrypt the files.