I dont think he had it alone. He was provided with this password at best, Tihan isn't really an IT developer to go through the code base, pull mtgox key and set as a master key in last pass. ZT said he didn't do it
My version of the story is, Tihan selected a password from one of the Mt. Gox API keys and we face-to-face agreed to use that. There was no plan to release the source code ever (and if I did it myself, I would at least remove the credentials). The password has never been changed for 5 months, despite the transfer of ownership.
I didn't expect to be able to log in to LastPass after Bitcoinica Consultancy took over. So I didn't try.
no worries there. The fact that the password was the exact same 5 months later and was in the source that magicly got 'hacked' from Genjix's 'box' tells me that Intersango noticed upfront that the source and lastpass were the same and kept it that way intentionally for later use....
that's my version of the story. ;p