Alex Hern reports for The Guardian this disturbing fact about the recently disclosed OpenSSL bug, now two years old and pervasive:

servers vulnerable to Heartbleed are less secure than they would be if they simply had no encryption at all.

How? The bug allows access even to information the encryption wasn’t protecting.