Royal TS (the Windows as well as the macOS version) is a client application and as such not affected by the Heartbleed vulnerability.

But Royal TS is connecting to servers using SSL (e.g. using a WebConnection with https as protocol or an SSH connection). If you are connecting to a server that is vulnerable to the Heartbleed bug, a cyberattacker can query the server in a way so the server gives away your data and even traffic encryption keys. So please make sure you only work with patched servers. 

We recommend to make sure that all servers you are using are properly patched. Also change your passwords after the servers have been patched.

Furthermore, Royal TS for Windows as well as the upcoming Royal Server are based on Microsoft frameworks which have been unaffected by the Heartbleed vulnerability:

http://blogs.technet.com/b/security/archive/2014/04/10/microsoft-devices-and-services-and-the-openssl-heartbleed-vulnerability.aspx