That's where you have to decide what you want... If you want to sync your devices then the cloud is needed. Your data is encrypted and the master password is not stored but is the key to decipher your passwords.

There are no guarantee that any system is 100% safe. All you can do is pick something the makes it difficult enough to send the hacker to another target, just like putting an alarm sign on your house, unless you leave your front door open with valuables in sight, they will move on. Most attacks will come from a weak site. Using unique, complex passwords will keep them out of your other sites. Too many people choose one password and use it everywhere (I was one of those with a limited set of passwords) so the thieves just jump from one site to the next trying the same password. Having unique user names also makes sense, but I haven't gone that far yet.