From TFA you cite:
"However, installing Java and loading and running the Java applet can be annoying. So in 2006, Hushmail began offering a service more akin to traditional web mail. Users connect to the service via a SSL (https://) connection and Hushmail runs the Encryption Engine on their side. Users then tell the server-side engine what the right passphrase is and all the messages in the account can then be read as they would in any other web-based email account.
The rub of that option is that Hushmail has — even if only for a brief moment — a copy of your passphrase. As they disclose in the technical comparison of the two options, this means that an attacker with access to Hushmail’s servers can get at the passphrase and thus all of the messages."
Hushmail was aware of the weakness of the server-side option and explicitly told its customers about it. These customers, foolishly given what they were doing, accepted that.
Lastpass doesn't have the same problem; you don't need anything messy to do the client-side encryption and decryption. There is no server-side 'option' for Lastpass, nor would anyone have a reason to use it if there was one, really.