Given the recent CVE-2014-0160, the impact it had and apparently some doubts about how much valid use tls-heartbeat really has, it seems it would be advisable to leave to users enabling tls-heartbeat. In this case, I argue the "better safe then sorry" approach, makes sense.
*** This bug has been marked as a duplicate of bug 507130 ***