First: EMI hazards - no change, when there's any credible research that draws any significant conclusions regarding the risk of phones to health (and the experimental cohort is now literally billions of people for literally decades; if there were a signal in that noise, someone would have noticed by now - it's not as if they haven't been looking). Bloke with drum to beat and axe to grind writes book. Not a new story.

Anyhoo.

I don't think that the worldwide IT infrastructure is riddled with problems like Heartbleed, although I'd bet a pint that it's not the last dreadful bug of its kind, due to the lack of actual "engineering" that goes into most software "engineering" (seriously, writing this stuff in C is like a builder making your house out of bricks and girders he made himself in his back yard).

I think it's naïve to think that these bugs are unknown to the big intelligence agencies or the black hat community, despite the protestations of the former.

If I were a black hat and I had a sploit that could extract server private keys without leaving a trace, I'd be using it in a way that wouldn't attract attention (i.e. I wouldn't just hook up the biggerest and fasterest computer I had and all-but-DDOS the server, I'd make one 64KB request every other second or something, and let it run for a week, possibly coming from random IP addresses) like a BOSS.

I would then use the spoils of my efforts to extort moolah from the kinds of people who absolutely positively cannot afford any publicity (+ve or -ve) on the subject of security.

The spooks, of course, would use the spoils of their efforts to read ASCott's email, and lie about doing so.