Most banks and financial institutions don't use OpenSSL, so not affected by Heartbleed. However, online retailers who do use OpenSSL, say for instance for their shopping cart, could be vulnerable to exposing customer credit card and other personal info in memory.
The other issue is that many, unfortunately, use the same password for all web accounts for convenience. A hacker could conceivably extract an affected email provider's login/password to check an account for banking related communications. Then attempt to gain access to those financial sites using the same password. Which is a reason to have unique passwords for each website.
A forum account breach may not be harmful, more of an inconvenience if not an embarrassment to the account holder, as a hacker could use the opportunity to post spam. Access to a moderator account could initially be more damaging, but should be restoreable once discovered.
The Open Roads Forums apparently use Microsoft IIs servers which utilize its own encryption component Secure Channel, so not impacted by Heartbleed.
