How is updating my Master Password secure?
Your LastPass email address and master password are used to compute your encryption key. When you choose to update your master password or email address, you are essentially changing the encryption key for your account.
All of your encrypted data is downloaded from the LastPass servers and then decrypted using your existing credentials. It is then reencrypted using your new credentials. The reencrypted data is then sent to LastPass servers for safe storage.
It is important to note that the decryption and re-encryption occurs on the client's end, ensuring that the old and new Master Password, as well as the encryption key itself, is never sent to the LastPass servers.
Please see this page for more detail: https://lastpass.com/whylastpass_technology.php