I changed passwords on gmail...
I was going to wait until I get a message from Google, since I have 2-step verification enabled. I don't see how heartbleed could compromise it. Except of course for application-specific passwords.
You know the drill - If it's worth saying, but not worth its own post (even in Discussion), then it goes here.