Heartbleed was/is a critical issue, and easy to exploit to be sure. On the other hand, you had to attack a server to try and find useful bits of information such as the private key for that server. Bad as it is, I'd far prefer that to *plaintext*, in which every knob-puller between you and the server is free to muck with it as much as they want, with no clue that it's going on. With all its warts, even the unpatched servers provide more help than hindrance, should it be used.
ASCII-based plaintext protocols are great for hand-bombing via a terminal, but really have no place in the modern world. Encrypt everything, all the time, and high muckety-mucks have to be specific about which needles they expect you to reveal.