Originally Posted by nmenaker
That said, I don't really like the 1password or lastpass solutions and as we have seen recently things are getting HACKED.
To be clear: LastPass was not necessarily hacked. Their database server sent out some encrypted information and they couldn't verify exactly why, so they assumed the worst. In addition, the amount of information sent out was not very large; I believe they mentioned that it wouldn't have been more than a hundred or so users' worth, out of several million.
The information that the server sent out included people's email addresses, the server salt and their salted password hashes from the database. This means that the hackers, if there were actually hackers, got some encrypted information and part of the encryption key (the part that isn't users' passwords). So they can sit around trying to figure out each person's password, which will be proportionally as difficult as the password is complex. If a person had a password of at least 8 characters that didn't include a dictionary word, the hypothetical hackers won't be able to figure it out for years. Changing one's password re-encrypts the data in LastPass, and removes the threat.
This is why one should use strong passwords.
Furthermore, I disagree that programs like KeePass are any better. If anyone gets access to your computer and downloads the KeePass file (or if you contract some malware that sends it to someone), then you're vulnerable to the same attack. In fact, you're doubly vulnerable, because you can't simply change your master password. That would only re-encrypt the password file on your computer, not the one that the hackers took.
I choose to have the more convenient approach and put my passwords where I can get them any time.
Single sign-on is a GREAT concept and another company I worked for had a biometric authentication with a key card AS WELL and the passwords were stored on a chip in the key card. It was pretty solid.
Did you check the source code of the implementation? Are you certain that it was correctly implemented?
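As an added example (not code from the thread or from LastPass), here is what the salted-hash storage described above looks like in practice, and why a password change makes a stolen salt/hash pair worthless. PBKDF2-HMAC-SHA256 with 100,000 iterations and the guess rates are assumptions for illustration; the service's real KDF settings are not on the page.

```python
# Added example: per-user salted password hashing with a slow KDF, verification,
# password rotation, and a worst-case estimate of how long an attacker who
# holds the (salt, hash) pair needs to try every password of a given length.
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumption: the real service's KDF parameters are unknown here


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Store a random per-user salt and the PBKDF2 hash; the password itself is never kept."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(record: dict, candidate: str) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def rotate(record: dict, new_password: str) -> dict:
    """A password change draws a fresh salt, so the old pair no longer verifies anything current."""
    return make_record(new_password)


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every string of this length at the given offline guess rate."""
    return alphabet_size ** length / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")          # constructed sample password
    print(verify(rec, "correct horse battery staple"))          # True
    new = rotate(rec, "a different passphrase")
    print(verify(new, "correct horse battery staple"))          # False: the stolen hash is stale
    # 95 printable ASCII characters, 8 characters long, constructed guess rates:
    print(years_to_exhaust(95, 8, 1e5))   # slow KDF: ~2100 years
    print(years_to_exhaust(95, 8, 1e9))   # fast unsalted hash: well under a year
```

The two rate figures show why the KDF cost matters as much as the salt: the same 8-character keyspace goes from centuries to months if the hash is cheap to compute.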