I'm willing to bet all the CA's are collectively smacking their lips right now.<p>Even if exposure is unlikely, the default response must be "better safe than sorry". Because if your data is compromised in the future because of a pk leak due to heartbleed, you do not have an excuse.