Until a hacker or LastPass employee changes the codebase and allows a backdoor that grants them access to everyone's unencrypted information as each user logs in.
This would be very hard for this to happen as your password never gets sent to LastPass, all the encryption happens on your computer.
Which brings me back to a question I had. I should have just tested this by now but havn't had time. If you have lastpass installed on one computer and want to start using the same account on another. Does it load the passwords to the new computer when you validate there? (If so then the backdoor thing could work.) But what I was under the impression of, is if you want to use an account on another computer you had to export the saved passwords and physically place them on the new computer?? If that's the case it would have done our alleged hacker no good to just know the password..