[UnoriginalGuy]

This is very close to how LastPass works under the hood. You're storing an encrypted database on their service (just like DropBox in your case). They don't actually store your original master password.

The only legitimate security gripe I've ever read about LastPass (and people have focused its security a LOT) is that a bad guy can modify the JavaScript utilised by the extension if they took control of LastPass's servers, and have your plain text master password sent to a third party (assuming no cross-site protections).

The actual password database is fairly secure. As is the login process (which can further be strengthened with 2F and various options in the account settings).