In two weeks of testing, the company has been unable to successfully access private keys with Heartbleed, suggesting the attack may not be possible at all.
CloudFlare is willing to put their research to the test in a pretty public way. Their service: https://www.cloudflarechallenge.com/heartbleed is unpatched and vulnerable. They're asking hackers and crackers from around the globe to try and compromise their private SSL key.
This will be interesting to see how this plays out.