Correct - while they are listed in Cex's own records those records are not officially recognised by the network so until you withdraw to an address you will never see them.
Is that true for most of the exchanges that offer web wallets like Btc-e, Cryptsy, Coinbase, Kraken, etc.?
Yes, they usually have several addresses where you can deposit funds and severall others where they store your coins (usually offline) savely. While you only do transactions within the same exchange there is no need to use the blockchain, it would just be a waste in fees and blockchain space.
Think about it like this: Lets say banks need to transfer money to other banks by transporting physical gold/fiat from Bank A to B. This would be the equivalent of you send money to me. You are your own bitcoin bank, I am my own bitcoin bank. The transportation is done via the blockchain and the p2p network.
Now, bank A is not a single person, but has 3 customers. It has a nice spreadsheet where it writes down which customer has howmuch money. If customer 1 wants to send money to customer 2 the bank can just change the spreadsheet. Sending physical gold/fiat from A to A makes no sense. Same with big bitcoin exchanges / casinos / etc. they store the coins somewhere safe and handle all internal transactions via an internal database. Only when the coins leave the company they make a public transaction on the blockchain.
I would suggest you create a wallet using actual software (ie Electrum/Multibit/Qt) rather than web wallets - securing web wallets can be a pain. If you're using bitaddress.org download a copy from GitHub and use it offline to create your addresses and then import them into a client. If I were to recommend one it would be Electrum - you get a lot of security and features (offline tx signing comes to mind) without having to download the whole blockchain.
Let's say I download a copy of bitaddress.org from Github and use it offline to create an address. But I don't import it anywhere. In fact, it remains completely unknown, I just wrote it down by hand on some scratch paper. Then I use that address to send myself money from my web wallet....would the bitcoins be real then and would the address be added to the blockchain? Or it wont be on the blockchain until I import it?? Doesn't importing an address into a client also mean risking that the address can be compromised too?
Yes the coins would be real and they would be added to the blockchain, because the blockchain stores all the transactions. If you send coins somewhere you do this via the blockchain and you have to publicly announce where you send the coins. So you cant keep your public address secret when you want to send coins there. Importing an address (e.g. the public key) is no problem. Importing a private key (thats the one that allows you to spend the coins) can be a risk. This however depends on where you import the private key and how you do this. The worst way I can imagine atm is importing a private key into an online wallet service via an unencrypted connection. If you however do this locally, use encryption right after importing the priv. key and use it only to sweep the address, you should be fine. Assuming the computer you use is not compromised.
