I just read an article this morning that lists XDA on a list of sites using a compromised version of OpenSSL. What does this mean for you? Not much considering this site doesn't really have any sensitive data but it allows attackers to gather small bits of data and potentially gain the encryption keys and get all of the information in your profile (which I am assuming would include your paypal donation email address which if exploited as well could be dangerous). Here is a link via github to a list of affected sites
I just recommend changing your passwords plain and simple
Edit: Apparently XDA maintainers have stated they patched the bug---http://forum.xda-developers.com/show....php?t=2710685
But the scan was performed yesterday so I'm not sure they had proper time. I will be updating my password anyways.