Back to the Metadata problem. Here's how this information could be weaponized:
NSA: LastPass, we suspect that John Smith uses your service. Give us access to John Smith's password database.
LastPass: We cannot; all of John's usernames and passwords are encrypted and we ourselves don't have the key.
NSA: Alright, then, give us the websites for which John Smith's database has credentials, and we'll subpoena each website of interest individually.
If John Smith has a known email address, JohnSmith@gmail.com, it is probably safe to assume that the email is the login for at least some of the websites of interest, and the NSA can then ask each website for info on that particular user.
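The metadata point in the exchange above, as an added example (not LastPass code, and not from the commenter): a vault that encrypts only the credential fields still hands the service a plaintext site list, while encrypting each whole entry leaves nothing to list. The field names, the sample entries and the HMAC-based keystream are assumptions for illustration.

```python
import hashlib
import hmac
import json
import os

# Illustrative HMAC-SHA256 counter-mode keystream (added example, not LastPass
# code); a real vault must use an authenticated cipher such as AES-GCM.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> dict:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return {"nonce": nonce.hex(), "ct": ct.hex()}

def decrypt(key: bytes, blob: dict) -> bytes:
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed sample vault entries for a hypothetical user (not real data).
ENTRIES = [
    {"url": "https://mail.example.com", "username": "JohnSmith@gmail.com", "password": "hunter2"},
    {"url": "https://bank.example.net", "username": "jsmith", "password": "correct horse"},
]

def store_field_level(key: bytes, entries: list) -> list:
    """Design A: only username/password are encrypted; the URL is stored in the clear."""
    return [{"url": e["url"],
             "username": encrypt(key, e["username"].encode()),
             "password": encrypt(key, e["password"].encode())} for e in entries]

def store_whole_entry(key: bytes, entries: list) -> list:
    """Design B: each entire entry is one opaque ciphertext; the server holds no site list."""
    return [encrypt(key, json.dumps(e).encode()) for e in entries]

def sites_visible_to_server(stored: list) -> list:
    """What the service (or anyone who compels it) can list without the user's key."""
    return sorted(rec["url"] for rec in stored if "url" in rec)

if __name__ == "__main__":
    key = os.urandom(32)
    print("field-level:", sites_visible_to_server(store_field_level(key, ENTRIES)))
    print("whole-entry:", sites_visible_to_server(store_whole_entry(key, ENTRIES)))
```

Design B still leaks the number and size of entries and the timing of sync traffic; padding and batching are the usual mitigations for that residual metadata.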
1. The NSA already has that data: they have your home address (this is public) and can see you connect to Gmail servers at times you are normally home. We've already seen evidence this is well within the NSA's capabilities based on the Dread Pirate Roberts trial.
2. LastPass's RNG is closed source, so if your threat model includes the NSA you've already lost, as it is very reasonable the NSA knows every password LastPass could ever generate for you.
3. LastPass's encryption/decryption is ALSO closed source, so there is no reason the NSA can't just subpoena them to update your client with faulty crypto.
4. LastPass apps/browser phone home once unlocked. If subpoenaed by the NSA they can steal your password there.
Seriously if you have a threat model that includes the NSA you've already lost.
DPR had terrible OPSEC. We should all learn from his failures.
You are completely correct that any threat model that includes direct attention from the NSA is insurmountable. Even highly skilled targets like OBL are eventually defeated.
OBL seems like an odd example for "insurmountable". He was probably the target of more US gov't attention than anyone else who isn't running a country. After more than a decade of active pursuit, he was compromised by a largely non-digital security breakdown.
I agree with the general point about direct attention, but OBL seems closer to the exception than norm.