To understand this in context, check out this recent LastPass blog post:
https://news.ycombinator.com/item?id=8022543. One of these vulnerabilities (an insecure version of a bookmarklet) has been known to security researchers for about a year. Though LP claims that this is not serious, this article points out that there are much larger problems going on here. Comment from LP would be helpful.
