Technically true, but an attacker who compromises your credit card info in this case could specifically target your identity on every site that uses OpenSSL with the same ease. Once you're targeted, unique passwords wouldn't do anything. And you have no idea whether or not your identity across multiple sites is now part of some repository.
That's not how this bug would really work in practice, targeting in that manner would be very difficult, assuming the other entity also was impacted. However, if it wasn't affected, a uniqque password would 100% protect you vs using the same password - which would not.