Yes, you are right, Lastpass is online. Read an article, well actually it was more the comments or answers that were interesting, number 38 and 24 in this link:
(I replaced the "tt" in the above link with "xx" - not sure if I needed to but some places don't allow you to publish links - sorry).
I think the gist of that being that online in theory provides a greater surface area for attack, whereas localized managers are at a greater risk of a targeted attack or machine failure. I think you're right it is swings and roundabouts.
Interestingly enough I spoke to someone that uses lastpass, and they said you can add a 2nd level of security above it as it allows you to program a usb key with an additional password - hence even if lastpass was compromised, then unless you had the physical usb key you could not gain access.
There's also a commercial version available - something called "Yubi-key". It's like a USB stick that plugs in and generates one-time passwords, and does a similar thing. This can be used with both Keepass and Lastpass, to provide that second layer of protection.
Re links - yes it's fine to post links and much preferred to manually breaking the link (please don't do that, the forum obfuscates it for you if that's a concern). If it's spam links or affiliate links then please don't post those!
I think you can use a USB stick with Keepass as well (or a file... for example if you have a local server you could only allow Keepass to load the db if the file was present on the local network if you wanted to limit use of the db to the LAN maybe, just a thought off the top of my head!). The USB stick would be great though if you were using it from a USB stick 'on the go' anyway... so have the db load off the USB stick but also require that the stick is present (so if you kept a copy of the db file on a cloud server as a backup somewhere and it got stolen, it would be useless without the USB stick).
Another thing I know you can do with keepass is have a portable version installed on your usb stick... not sure what the difference is.
Yubi key sounds interesting.
One other thing that I'm liking nowadays with a smartphone is the ability to use the Google Authenticator app with various places... like Betfair have started doing it now where you can use your Google Authenticator to do 2-step authentication... very useful and not that much of a PITA if you use it on a 'regular' machine since you can just set it up to 'trust' that machine (any other machine 'out and about' you use you have to use the authenticator to log in in combination with a password).