You have to differentiate between MITM and someone intercepting your traffic.
For unencrypted traffic (and logins), an attacker just needs to sit somewhere between you and the server you are connecting to. He can then sniff your password from the network, or any other information that is exchanged.
For encrypted traffic this isn't as easy. To attack an encrypted connection, a MITM (man-in-the-middle) attack is used. As the attacker does not know the key that is used by the server, the attacker pretends to be the server to you. He then connects to the server and pretends to be you, forwarding your original request.
Instead of one encrypted connection between you and the server, there will be two. One between you and the attacker, and a second one between the attacker and the server.
This could be easily detected by you, if you care to check the key that the server presents to you while connecting. As the attacker needs to use his own key, you can quickly realize that you are not really talking to the server.
With HEARTBLEED things get ugly right here. Heartbleed allows an attacker to obtain the original secret key directly from the server. At this point, you have no chance to figure out that you are being attacked.
If you are using unencrypted connections all the time, HEARTBLEED doesn't affect you negatively.
This is comparable to driving without a seatbelt on when it is announced that there is an issue with some seatbelts that might cause them to unlock in a crash. It doesn't matter for you, because you are not taking advantage of readily available safety devices.
PS: Heartbleed leaks random data. It can be the private key, or anything else the server currently has in memory. Leaking the private key is just considered to be the worst case in this scenario.
TL;DR: MITM attacks are rare, because they are hard to set up and are easily detected. Heartbleed is serious, because you cannot detect it and it is much easier to apply.
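
The key check described above, as an added example that is not part of the original answer: a client-side comparison of the certificate a server presents against a fingerprint recorded earlier, and why that comparison stops helping once the server's private key has leaked. The certificate byte strings are constructed stand-ins, and all function names are illustrative.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, pinned_hex: str) -> bool:
    """True if the presented certificate is the one recorded earlier."""
    normalized = pinned_hex.replace(":", "").lower()
    return hmac.compare_digest(fingerprint(der_cert), normalized)


def fetch_der_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate a server presents (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed stand-ins for DER certificates; real ones come from fetch_der_cert().
GENUINE_CERT = b"constructed-cert:example.test:server-public-key"
ATTACKER_CERT = b"constructed-cert:example.test:attacker-public-key"
PINNED = fingerprint(GENUINE_CERT)  # recorded out of band on a trusted network


def classify(presented: bytes) -> str:
    return "pin ok" if matches_pin(presented, PINNED) else "PIN MISMATCH"


def demo() -> dict:
    return {
        # Without the server's key, an interceptor must present its own certificate.
        "interceptor with own key": classify(ATTACKER_CERT),
        # With a leaked private key, the interceptor can present the genuine
        # certificate, so the fingerprint check has nothing to distinguish.
        "interceptor with leaked server key": classify(GENUINE_CERT),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The second case is why a certificate whose key may have leaked has to be replaced with a new key pair and the old one revoked: no client-side comparison can tell the two connections apart.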