Topic: Re: [ANN] KRAKEN.COM - Exchange Now Open with USD, EUR, BTC, LTC, XRP, NMC, XDG
Board: Exchanges
by Dargo on 11/04/2014, 22:54:11 UTC

Update on the "Heartbleed" SSL vulnerability:

As I said before, our site isn't vulnerable. We already had the patch in place before news of the bug went public. There are no signs our site was actually compromised by this vulnerability, but it nonetheless is possible that passwords were leaked prior to the patch. So as a precaution, you should change your password, and the same goes for passwords to other sites.

However, even if you've already changed your password, there's still a remote possibility that the new password isn't safe. This is because Cloudflare, which we use, hasn't yet revoked and reissued their SSL certificates. If any of the private keys for the certificates were leaked prior to the time that Cloudflare had the patch in place, this would still leave a vulnerability. Cloudflare thinks it's most likely impossible that any of the private keys were leaked. But as a precaution they're going to revoke and reissue certificates. We'll let you know when they do this, because you probably should change your password again after the new certificates are in place. See the link below for more information from Cloudflare.

http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed

Please note that even if it turns out to be impossible that any of Cloudflare's private keys were leaked, this doesn't mean that private keys for other non-Cloudflare certificates couldn't be leaked. For other sites that you use, you may want to find out where their SSL certificates come from and find out when new certificates will be issued so you can change your password again.