Normally (and this is how it was in my case, since I did it on the first day), such an update would be presented in Software Update for you to install.
In this case -- and for the first time I'm aware of -- the next day, Apple decided this problem was so critical that it HAD TO BE patched. They've had similar issues with Flash and Java, but in those cases they had the option of remotely disabling them, which they did. This effectively forced users to either keep those items up-to-date or don't use them, and has worked well as far as I can tell.
This time, that option wasn't available so the patch was "pushed" onto eligible machines, since it did not require a restart. Because this vulnerability represented an "imminent threat" of severe attack, and because it is a crucial function to the rest of the system, I think Apple was well within reason to choose the "push" option. I wouldn't want them to do that for anything less than a grave threat, but I'm glad they chose to do it in this case, as it will save a lot of grief and protect users.
As with the remote "kill switch" ability Apple has (again, strictly for protecting users from remote invasions), Apple is extremely hesitant to use the ability -- but it needs to be there for safety.