Well to take it to another level as you have mentioned Lastpass - how you can trust this kind of product when everything is online on their servers and when you're offline and not connected to the Internet you do not have your passwords. They are gone. What if they will shut down, bancrupt? Your passwords are gone forever.
However again to defend ourselves if you have some "paranoid" friends - OK, if someone will install some phishing application on your PC, he can gather all data coming out of your PC over the internet. Which in our case is only license information
How can he get your passwords from that kind of information?
Of course, if someone will create some "Sticky Password like" application, you can get in troubles, but this installer will never be possible to download on our site AND the most important thing - will never be signed by VeriSign signature. So, in general, if you will download the installer from our website, you will never in troubles. We have our webiste secured by several protocols and mechaninsms and it is on our own server where nobody can access.
I hope we're clear over here and you and your paranoid friends will be ok