The only concern I have with LastPass is when I'm entering the console password, the only one you need to enter - if there is no SSL session in force at that time, Rapport may not be able to block any keyloggers or screencapture malware onboard. Since I enter my passwords in more than just browsers, I like to use LastPass on those too, so I use Keyscrambler to at least obfuscate the console password. Unfortunately then you have to rely on Keyscramber for keyloggers. Turning off Keyscramber, and then enable keylog blocking in Rapport, and only entering the console password during an SSL session, would be better. That way, as long as I have LastPass set to remain logged in with the many granular settings, I wouldn't have to do it again for a while. Using CCleaner on limited accounts will eliminate most contracted malware temporarily anyway, and can make any session safer during vulnerable events.
LastPass can recognize when you are at the wrong URL and I've been getting popups when trying to enter into non SSL windows that don't encrypt login credentials. I'm not sure if it is LastPass warning me or my Comodo Dragon browser, but not all passwords out there are critical for security so I don't worry about them unless I was trying to log on to a shopping or banking site. Lastpass will not enter the credentials to the wrong URL or SSL certificate; so I realized each time that happened that I was redirected to a poser site. It has saved my bacon more than once! WOT can help in this endeavor, too, as it sometimes knows when you have stumbled onto a disreputable site and will block it. MBAM will also block any out going to a malicious site, and will block any incoming from such also. This - I'm sure has save many an individual from letting out their personal data.
The blended defense is the only way now-a-days. I've only mentioned the tip of the security solution iceberg!