Thanks for the reply Jafet. The passwords are not stored on their server but all encryption is done client-side. So even if your data is leaked from their site or a government agency asks for the data they do not have the keys to decrypt it; only you do.

Now that I’ve dug it I am putting some links to a podcast (and transcript) about LastPass in an edit to the original post.