Calling anyone who disagrees, especially when they point out that you are wrong, a "shill" is just the same as any unsupported BS from a presidential candidate. Null content.
Several years ago I had the job of evaluating LastPass for $DAY_JOB. I tested it by capturing the data uploaded to the network and confirmed that it was AES encrypted using my password on my system and the data was all encrypted before leaving my system. the master password was never transmitted in any form that I could find. No traffic was generated to/from any other port or location.
While it is true that things might have changed since then, the server remains open source and you can confirm that it does not ever touch the master password in any form. More importantly, the system is heavily examined on a continuing basis by security researchers and, while vulnerabilities have been found, reported, and fixed, there has never been any question of the master password leaving the client.
With well over 100 unique, random, long passwords, some only used once or twice a year, I really lack other options than a password vault in a world where accounts might need to be accessed from a desktop, two laptops, and two phones running six OSes (2 VMs and one dual boot).