Best explanation of how heartbleed worked (and why it was so bad) yet. Also, keep in mind that this bug worked both ways. Sure it let malicious people access the memory of remote servers, but it also let malicious servers access the memory of vulnerable client devices and computers!
From: http://xkcd.com/1354/