My understanding is that for any web service that you were relying on SSL to protect your password in transmit when logging in, insofar as the SSL encryption for that webservice relied on openssl and could have been totally compromised, then your password would not have been secure in transmit. The bug would allow an attack to decrypt openssl-encrypted traffic, AFAIK.
jrobertson likes this.