While it is true that the developer does have to keep certain things in mind regarding security (like using parameterized queries, and the like), the OpenSSL "Heartbleed" issue is an encryption certification issue, fixed by the SA recompiling the kernel with the patched OpenSSL in place.
What does this mean for users?
It means that any website you've been to in the last two years that is running the unpatched version of OpenSSL for encryption is a possible information leak to hackers who know how to exploit it.
I'm sure there are instructions, somewhere, that can teach the user how to tell if they are on a site that uses OpenSSL; I just haven't read them. Otherwise, I'd paste the instructions here.