How many people updated their libssl packages without restarting the server processes, thinking they're safe when they really aren't?

With a bug in such a central place you'll have to touch everything - could as well rebuild everything, when your processes are prepared for it.