Here's a click bait headline:
So if somebody hit your bank's site a couple of million times and got their security certificate they can't do ANYTHING with that without ANOTHER exploit that gives them a man-in-the-middle position.
Just a word to the wise: Don't do your online banking at Starbucks.
I'm not saying that "Heartbleed" isn't a real problem just keep it in perspective.
And about passwords "leaking" via "Heartbleed," any site worth it's salt (pardon the pun) is using good password management so the the passwords IN MEMORY should just be salted hashes.
Ok, sure. Go change your passwords if it makes you feel better.
And if you really want a placebo, go into your browser and enable the "Check for server certificate revocation."
Why is that a placebo? Read Steve Gibson's Certificate Revocation Pages:
Clearly these are one person's opinion and a work in progress. Still, that's a real problem.
What a mess...