At some point you have to trust someone. It is scary to think that your passwords are all stored there - make sure your account password in to lastpass is very complex. According to their site, they use an encryption method that uses your password to encrypt your passwords in their DB so even if they were hacked, your passwords are "safe."
Only your encrypted passwords are stored at LastPass. Since they don't have your key (the passwords are decrypted locally when you access them) it's impossible for someone to get your passwords from LastPass even if they hack their servers. They still need to somehow get your password from you.
pretty sure was a LastPass account that got hacked which caused a fuckload of coins to be stolen from bitcoinica.
The password to the account was the same as a string visible in the leaked source code. That's extremely bad password management - of course your LastPass master password should be extremely secure and unique.
I'd also recommend using two factor authentication towards your LastPass account. Google Authenticator on an Android mobile is an easy and painless solution.
tl;dr: Use unique strong passwords everywhere. Never re-use passwords. LastPass helps you accomplish just that.
