Originally Posted by HDQDD
+1. Changing your password now is about the riskiest thing you can do. Better advice is to not visit any sensitive SSL sites (like your bank) for a few days (or weeks) until they patch their OpenSSL.
Most of the banks really don't look like they were vulnerable in the first place, at least the bigger ones.
I've got to be honest, I think this particular bug is being heralded as far more of an issue than it really is. Yeah, the hole has been around for a fair amount of time, but there's not really any evidence that anyone knew about it, let alone was exploiting it, before very recently. I honestly think if it had been a problem before, we'd have heard about it long before. Heck, even though OpenSSL 1.0 has been out for that year and a half, it doesn't appear that everyone really jumped on the bandwagon and updated to it (out of curiosity, I checked a web hosting provider I use for a site, and it was using a version of .9.8).
Now, obviously, now that the issue is a known issue, sites have to fix that problem, and ironically, things are probably at their most vulnerable during this time period with places that are slow to fix things. But I'm not overly convinced that the level of panic that this seems to have created is really warranted. Obviously I'm not saying that it's necessarily a bad idea to change passwords, but I just don't really believe that there's any evidence that the odds are very high that your password would have been compromised.
Anyhow, that's just my personal opinion. I'd like to think that it's a reasonably informed opinion, but take it with the proverbial grain of salt.