LastPass joins LogMeIn, and Twitter went bonkers.
What many are seeing here is arguably reputation-based risk at work. There is no doubt LogMeIn is the bigger entity, and can bring cash & people to the continued & accelerated development of LastPass.
LastPass, used by many security professionals, has "good enough" security. Some researchers still have valid objections to intrinsic details of their crypto implementations (Sc00bz specifically), while others object heavily to their 2SV/2FA (Paul Moore).
For most users, the security of LastPass is "good enough". If the NSA were part of someone's threat model, they could just as well send a black helicopter with armed agents instead of cracking crypto or installing keyloggers. Cheaper and sure as hell more certain to succeed.
LastPass has been reviewed (read: attacked through research) by many, most notably by Elcomsoft in a paper presented at BH EU in 2012 (PDF). Along with several others, it was found to be "good enough".
Other attacks have been handled and responded to promptly by LastPass. In summary: the company has earned a degree of trust. CEO Joe Siegrist "selling out"? Any startup wants to succeed. Some founders want to retire, others go on to something new, and others remain and continue working on their product. No matter which option Joe has chosen, he deserves credit for what he's done so far with LastPass.
LogMeIn?
It's hard to point at anything specific right now, but there's an alarm ringing in the back of many users' heads. Bad customer service? Doesn't appeal as a product? Bad reputation? Bad security? Weird UX? Too "commercialized"? It's unclear, but many users simply do not trust them for some reason.
That makes the situation concerning, but it's not necessarily reason enough to abandon LastPass outright. Many users will want to see & hear more before jumping ship. For those who are busy or simply pragmatic, changing products means exporting 3-400 sites, notes, etc. from LastPass and importing them into whatever other product they choose (1Password, Strip (drop the SHA-1 SSL cert, guys!), and Dashlane are all obvious candidates). That's gonna be a painful weekend to pull off. Laziness trumps FUD sometimes.
It's worth digging around for vulnerabilities & attacks against LogMeIn, and checking out how they have responded to all of them. The initial impression could be completely wrong, of course.