By now, you have most likely heard about the Heartbleed bug, which has affected over half a million of the world's most popular websites because of a programming error in OpenSSL. You can read more about the bug at the link above, but in essence it allowed unauthorized users to steal the identity of a server and decrypt all traffic that was coming to, or had previously been sent to, that server. Whether that was actually possible was hotly debated for a few days after Heartbleed's discovery, but it has since been confirmed:
The demonstration by CloudFlare that it's possible to extract private SSL certificates means that out of an abundance of caution, administrators of sites that used vulnerable versions of OpenSSL should revoke and replace old certificates with new ones as soon as possible. Given the huge number of sites affected, the revelation could create problems.
So this is a pretty big deal for sites that rely on OpenSSL to encrypt their traffic. The question users should be asking themselves is: which sites are affected?