When the breach of LastPass and bitcoinica's mtgox account was announced, I found it equally plausible that it was a random thief rather than an insider (ie one of Patrick/steve_bobs, zhoutong/stevejobs, etc.). It's totally possible that someone would have verified that info@bitcoinica.com is a LastPass account (this can be verified since LastPass leaks account registration status through the Forgot Password option), and then tried the MtGox API key after the source code leak.

But anyone could have done that, literally anyone (seriously, I kicked myself for having not tried it myself). But the particular person who did exploit this, also happened to be one of a very few people who also knew the password to zhoutong's stevejobs807@gmail.com. Of all the numerously possible potential thiefs who had equal opportunity to log-in to LastPass, the breach was in fact highly likely, all the info was there. And of all those possibilities, what is likelihood that the one person who first took advantage also knew zhoutong's private throw-away gmail password, so that they could frame him? The probability is highly suspicious.