LastPass (cloud service with browser plugins) supports Yubikey, a low-cost token for two-factor authentication - so someone would have to both install a keylogger on my system and physically steal the Yubikey token to get the LastPass passwords. http://www.yubico.com/
This makes it actually more secure to always use LastPass even if you remember the site password, because the LastPass login is Yubikey protected while the site password isn't (and the way LastPass sends the password to the site doesn't involve the keyboard.)
As with KeePass or 1Password, which are non-cloud services that would be used with Dropbox etc., you must still be very careful with security of the client system - non-keylogger trojans that attack the LastPass plugin or the KeePass/1Password client software could still steal passwords while the password database is open.
Everyone on Windows should be running the free Secunia PSI, which scans all third-party and Microsoft apps every week for vulnerabilities, providing a link to easily update them, and even auto-updates some of the most common ones. If everyone did this, drive-by download attacks would be virtually a thing of the past.
Sadly, Mac and Linux don't have this for any apps not handled by the standard MacOS updater or the Linux distro's package repository, but at least with Linux you can limit your use of non-repository apps to those with excellent auto-updating (Firefox, and Chrome as long as your distro doesn't go out of date making Chrome refuse to update!)