"We attacked ourselves from outside, without leaving a trace," they wrote. "Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication."
Think about this - silent theft of private keys. The implications on being able to trust SSL certs are huge even after this vuln is patched.
Links: http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
http://threatpost.com/openssl-fixes-tls-vulnerability/105300
http://www.openssl.org/news/vulnerabilities.html#2014-0160