20140414 Update #2
The server's private key can be obtained. This is confirmed. See here.
Apparently the NSA has KNOWN about this for years. Surprised? Not really...
How bad is Heartbleed? Very bad. It affects not only HTTPS, but all other applications, servers, routers and firewalls that use OpenSSL.
We have heard all the bad news. But there is a little good news: retrieving private keys may not be that easy. This post explains it all. However, getting passwords is still easy if you are lucky (well, try a few times). There are a few websites that you can use to check if a website is vulnerable, but they don't give you the dumps. Here is the Python script that gives you the dump.
Tip: run it in debug mode.