Yes. It doesn't take a lot of resources. It's already been noted on Twitter that someone - possibly quite a lot of people - were using HTTPS Everywhere lists to find interesting targets. Mass hacking and drive-bys are trivial. And remember, it's not just certificates! It's anything that is in your sever processes memory (the process that implemented SSL), so it could be passwords or other credentials.