I'm sure everyone has heard of this one by now, but in case you haven't, it's kind of a big deal. I think the Bruce Schneier quote to which Daring Fireball links, says it best.

Bruce Schneier:

“Catastrophic” is the right word. On the scale of 1 to 10, this is an 11.

Mobile Syrup also links to a pretty handy tool in Last Pass. Go to Last Pass, type in a site's URL and it will tell you if that site was ever vulnerable, and if it's still vulnerable. Once the site's SSL certificate is confirmed as safe, you are then recommended to change your password, but not before. There is no sense in changing your password until the site is safe.