According to a Googler, the security fix in question is related to CVE-2014-0224, which is an OpenSSL bug allowing a man-in-the-middle attack. It's actually a fairly serious bug, and distinct from Heartbleed (fixed in 4.4.3). There are other tweaks, but we'll have to wait and see what the official word is. An AOSP push should show up soon and we can see what was addressed.
Towelroot is not affected by 4.4.4.
The Nexus 5 seems to be the only device with an OTA on the books, but 4.4.4 binaries and images for Nexus devices are already live on Google's site.
For changelog visit: https://funkyandroid.com/aosp-KTU84M-KTU84P.html
All in all, this is a pretty minor update.