I would argue that the value of the list between nil and none. The vulnerability has been around for 2 years and evidence suggests that hacker's have exploited the flaw. Google might be patched but what about a month ago? or a year ago? To be on the safe side passwords should be changed for any site unless they explicitly state that they haven't run OpenSSL at any time in the last two years.
We ran through Alexa's Top 100 U.S. websites and manually ran checks against each one, using a different tool than Mustafa al-Bassam used to run his script against the top 10,000 Alexa global sites. If you'd like to manually run checks against every site on the Web, we will not stop you.