Re: F**k LogMeIn
The potential for this sort issue to occur has existed forever, certainly long before the LMI takeover. The LastPass UI has always been a bit of a shonky mishmash of browser prompts that would lend themselves to spoofing. But then again, what other facilities are there for a browser plugin to display UI? I've always felt that Chrome should do a much better job of distinguishing "trusted" extension UI from general internet content. The only visible difference is the URL which is hardly obvious as this attack demonstrates.
I see no relevance to LMI takeover, apart from your obvious axe grinding. FWIW I prefer the refreshed UI.