The Heartbleed bug is unusually worrisome because it could possibly be used by the NSA or other spy agencies to steal your usernames and passwords — for sensitive services like banking, ecommerce, and web-based email — as well as the private keys that vulnerable web sites use to encrypt your traffic to them.