There are a couple of safeguards in place to prevent a remote attacker from getting into a LastPass account. If someone tries to log into your LastPass account from a remote device, the service will not recognize them and will send you an email to verify their identity before they can log in. So an attacker would likely need access to both your LastPass password and your email authentication information in order to get into your LastPass account. You can (and should) also set up two-factor authentication for LastPass to make it even harder for attackers to get in.
If you prefer to keep your data local rather than in the cloud, consider KeePass instead.