
Just a question (and I don't know too much about this). Is there any chance that certificate authorities who give out warranties could actually have to pay out on them now? Do any of them use OpenSSL?


Without looking at the specifics, the CA can't be held responsible for you leaking the key yourself.

Or do you mean if the CA companies themselves were compromised? That's a big separate issue. Even if the web process is the one that generates the keys (I'm skeptical, but it's possible), any keys made that way would quickly be moved out of memory, unless they were made that day.


I think the warranty only covers losses that occurred during the use of the certificate. If it wasn't limited liability, Heartbleed could have caused a "Lehman Brothers" style default for all CAs.

