FFI is an important layer, but you are free to use the Rust interface of the libraries too, if you’re willing to (I’m glad that you are - hi fellow Rust fan! 
). In fact, it works exactly as you’ve put it: the FFI layer is just a wrapper for the underlying Rust library. You might need to deal with FFI just for IPC though, that is, to interact with the Authenticator.
We also strive to keep the Rust libs well-documented, so you can either find the docs on docs.rs or generate the documentation yourself with rustdoc.
We don’t have that just yet, but @hunterlester put a nice short description for each lib here (you might want to visit this topic anyway): SAFE network architecture and programming study plan
As for SAFE Client Libs: it provides the high-level interface to the network and consists of:
safe_app, the library to write apps (consists almost entirely of FFI functions glueing in with SAFE Core);safe_authenticator, which provides all functions that are required for SAFE Authenticator (the thing you see when you log in through e.g. SAFE Browser); andsafe_core, which is still kind of high-level, but this library has no notion of apps or authenticator, as it provides only very basic and fundamental network operations and structures, talking to routing. You’ll need to use this one for most operations in your Rust app. Some usage examples can be found in the repository.
I hope that helps! Please let me know if you have more questions or need clarification.