The issue is that your vault key must never be available to their system; otherwise, when they get hacked with the most trivial XSS, your vault is pwned. Password vaults are a hugely valuable target, worth potentially thousands of dollars on the black market; you absolutely should not be using a service that has the ability or can acquire the ability to decrypt your vault. You're better off with a plaintext file in a nondescript location on your hard drive.
Just to clarify this, because it took me a second, the point (if I understand you) is that your password is available to them at the point when you log in to their support forums. Particularly bad, because it's a site that hosts a ton of user content.
It's also really dumb, because the whole point of the product is to make it easy to not reuse passwords. They could have even had the signup process automatically create those accounts for you and insert the passwords into your vault, and it would have been just as easy for the user.
1.) LastPass login page hashes MasterPassword on the login page to produce a hash
2.) Hash is sent to the forums, and is checked against the same hash as the vault system
3.) Hash is confirmed, and you're logged in.
1.) Later hash is grabbed by an attacker.
2.) Attacker sends the hash to get the encrypted vault
3.) Attacker gets the encrypted vault
4.) Attacker is sad, because they don't have the MasterPassword, and thus have no access to all your passwords
Note that I'm not saying that they are awesome, and/or are doing the above. But it's not immediately obvious that a MasterPassword can't hash a forum login and a vault request at the same time. I mean, that's literally what the "MasterPassword never leaves the client" is supposed to mean.
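The split the comment above hypothesizes, as an added example that is not part of the thread and not LastPass's code: the client derives a vault key that it keeps and a separate login hash that it sends, so a party holding only the login hash can fetch the encrypted vault but cannot open it. The KDF (PBKDF2), iteration count, AES-256-GCM, the sample credentials and every function name are assumptions made for the illustration.

```javascript
// Added illustration (Node.js). Parameters and names are assumptions, not a vendor's scheme.
const crypto = require('crypto');
const ITERATIONS = 100000; // assumed work factor

// Vault key: derived from the master password; never leaves the client.
function deriveVaultKey(masterPassword, email) {
  return crypto.pbkdf2Sync(masterPassword, email, ITERATIONS, 32, 'sha256');
}
// Login hash: one further one-way step over the vault key; the only value sent.
function deriveLoginHash(vaultKey, masterPassword) {
  return crypto.pbkdf2Sync(vaultKey, masterPassword, 1, 32, 'sha256');
}
function encryptVault(vaultKey, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, data, tag: cipher.getAuthTag() };
}
function decryptVault(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.data), decipher.final()]).toString('utf8');
  } catch (e) {
    return null; // GCM tag check failed: wrong key
  }
}
// Server side: stores only the login hash and an opaque blob.
function serverFetchVault(record, presentedHash) {
  const ok = presentedHash.length === record.loginHash.length &&
    crypto.timingSafeEqual(presentedHash, record.loginHash);
  return ok ? record.blob : null;
}
function demo() {
  const master = 'correct horse battery staple'; // constructed sample
  const email = 'user@example.com';              // constructed sample
  const vaultKey = deriveVaultKey(master, email);
  const loginHash = deriveLoginHash(vaultKey, master);
  const record = { loginHash, blob: encryptVault(vaultKey, '{"bank":"hunter2"}') };
  const seenByForum = Buffer.from(loginHash); // what the forum login would receive
  const blob = serverFetchVault(record, seenByForum);
  return {
    vaultReleased: blob !== null,                    // hash authenticates the request
    openedWithHash: decryptVault(seenByForum, blob), // null: hash is not the key
    openedWithKey: decryptVault(vaultKey, blob),     // plaintext: only the client key works
  };
}
```

Even in this arrangement the login hash is still a credential: it authenticates requests as-is and gives anyone who holds it something to test master-password guesses against offline, so the system that receives it needs the same protection as any password store.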
At that point, it gets a little silly honestly. If you can modify the login page to have a login form, then you can also modify it to bypass any type of security system you could ever dream up. The GP here seems to want the support forum to have an independent password. Even if they did that, if we're completely changing the login form, you could change it to say "due to new security features, you now log into our forum using your master password, please enter it below". So exactly what is it that they should do, and how would that be more secure than what they're doing now?