There's possible to run a bitcoind with funds assigned to accounts. So if you look at bitcoind as a bank, the accounts would be much like accounts in a normal bank. They can be numbered like 0,1,2,3 and so on.
So in a database, you could have user with UID (User Identificator) 123456 being associated with account 9 for instance, so if you log in as 'AvgJoe', the UID is fetched from the Users-db table and your account number is fetched from a database table as well. Thus the site could determine how much you have available in your account, and do any other action that's possible with your account.
Another thing is that a lot of sites don't have the bitcoind running at the same server as the webserver, and there are different methods to keep track of the balance a user has, and how bitcoins are received and sent.
The safest option would probably be to run the bitcoind on a different server, so even if the webserver was compromised, the attacker could not run away with the wallet right away.
Also some sites do offline storage of coins, so say the total available balance of an online webwallet provider was 200K BTC, perhaps they only kept 15K available to the system at any time.
You can read more about the API calls here:
https://en.bitcoin.it/wiki/Original_Bitcoin_client/API_Calls_listAnd no, it wasn't a silly question. The only way to learn more is to be curious and hungry for more knowledge. Unfortunately there's quite a few developers in this community that laugh at you if you have a level of expertise lower than theirs. I don't think this is something that's just in this community, but something that you you will find anywhere.
And as always, always try to find the answer to your questions by googling and searching this forum etc, and if you don't find the answer, don't be afraid to ask, even though it might be a 'stupid' question. At least, there's always someone wanting to help.