I have a lot of respect for Steve Gibson but I wouldn't take this as anything but his opinion. All he is doing essentially is re-iterating what LastPass themselves claim about their security, so you can only trust this as much as LastPass own claims. If you know Steve Gibson you'll know his TNO (Trust No One) policy. I do choose to trust LastPass claims personally and am a paying customer, but I would much rather use an open source, battle tested alternative if it existed.