For anyone who is wondering what the big deal is about the Heartbleed exploit, XKCD explains it well.
All that extra "stuff" can be passwords, usernames, banking information, addresses, etc. It is entirely a hack on website servers, and isn't affected by how awesome your personal antivirus or firewall is.
You log onto your bank. Your bank's web servers know the information of your login and everything else you see on their webpages.
A Heartbleed hacker hits the bank's website and pulls all the stuff that the bank's web server knows at the moment - including your username, password, account numbers, balance, etc.