Fedor Indutny, a core member of the node.js team, has proved that
it is in fact possible for an attacker to sniff out the private
SSL keys from a server left exposed by the Heartbleed bug. The
proof came in response to a challenge from CloudFlare that called
on the security community to grab the keys from a demo server.