You may have already heard about a vulnerability called Heartbleed that affects secure communication with websites (summarized nicely at The Loop).
In response to this threat, Omni immediately updated OpenSSL to non-vulnerable versions on all of our servers. We then revoked and regenerated all SSL certificates and keys. It is safe to change your Omni Sync Server password at this time. We don’t have any evidence of malicious behavior, but due to the nature of this vulnerability, we’re recommending that all users change their passwords anyway.