Don't forget that the LastPass chrome extension has been tricked in the past to extract passwords from arbitrary domains. It's still important to use your brain when clicking links and invoking LastPass's autofill functions.
That's why I love and recommend password managers to all my friends / relatives. Not only does it help prevent phishing but it promotes stronger passwords.
Likewise - if Firefox doesn't automatically fill in a password that I expect it to, something strange is going on. (Especially now that Firefox automatically uses http credentials for the same page on https, which removes the one other common reasons for this to happen.)
While I also don't like sites breaking autocomplete, LastPass' "Show matching sites" dropdown only lists accounts valid for the current domain. So a very similar protection is available even without autocomplete.
