Since the TLS heartbeat extension is essentially symmetric the Heartbleed vulnerability affects not just servers, but clients (web browsers etc.), too. See
http://blog.meldium.com/home/2014/4/...rse-heartbleed for more information. It appears to be possible to obtain blocks of memory contents from client PCs.
Cheers
Steffen.