Any cloudbased password manager should be scrutinzed and suspect. Lastpass encrypts and decrypts in the browser, the server copy is always encrypted with your master password and salted for additional security. Two-Factor Authentication is also available by multiple authenticators, fingerprint reader on smartphones, hardware tokens like Yubikey and even old fashioned grid on paper.

Pasword sharing is possible without the other person knowing the password you sent them.

Any application as a service is going to have vulnerabilities, whether they are user induced by using weak passwords and security questions or vulnerabilities of the service itself.

Lastpass is no exception and has had its share of issues and to their credit, they seem to be fixed and pushed out as soon as possible. Most vulnerabilities seem to be found by security researchers and it's unknown if any passwords have actually been lost out in the field.

Lastpass is used by millions and there are enterprise versions of the utility. It's convenient, works on every browser and mobile and the premium version is a reasonable price.

Most of the vulnerabilities have been found in browser extensions. Lastpass has the option to store passwords in a portable app and USB drive. Lastpass Pocket