Depending on how the exploit is written, it can be encrypted or unencrypted. If the heartbeat is sent before the TLS handshake is finished, then the memory contents will be sent in the clear. If it is sent after the handshake is finished (meaning all crypto stuff has been agreed on by both sides), then the data will be encrypted. This also makes Heartbleed very hard to detect on the wire in general.
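The detection gap described above, as an added example that is not part of the original text: a passive scanner that walks the TLS records in one direction of a reassembled stream and applies the RFC 6520 length check to heartbeats, which is only possible while they are still cleartext. All function names and sample byte strings are constructed for illustration.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC, HEARTBEAT = 22, 20, 24  # TLS record content types
HB_REQUEST = 1     # heartbeat_request message type (RFC 6520)
MIN_PADDING = 16   # minimum padding RFC 6520 requires after the payload

def iter_records(stream):
    """Yield (content_type, body) for each complete TLS record in the stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5:off + 5 + length]
        if len(body) < length:
            return  # truncated capture, stop parsing
        yield ctype, body
        off += 5 + length

def scan(stream):
    """Label every heartbeat record seen in one direction of a connection."""
    findings, encrypted = [], False
    for ctype, body in iter_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True  # later records from this side are ciphertext
        elif ctype != HEARTBEAT:
            continue
        elif encrypted:
            findings.append("encrypted-heartbeat")  # lengths not inspectable
        elif len(body) < 3:
            findings.append("malformed-heartbeat")
        else:
            hb_type, claimed = struct.unpack_from("!BH", body)
            overlong = 3 + claimed + MIN_PADDING > len(body)
            findings.append("cleartext-overlong-request"
                            if hb_type == HB_REQUEST and overlong
                            else "cleartext-heartbeat")
    return findings

def record(ctype, body):
    """Build a constructed sample record (TLS 1.1 version field)."""
    return struct.pack("!BHH", ctype, 0x0302, len(body)) + body

# Constructed samples: placeholder handshake bytes, not a real ClientHello.
HELLO = record(HANDSHAKE, b"\x01\x00\x00\x00")
BEFORE_HANDSHAKE = HELLO + record(HEARTBEAT, struct.pack("!BH", HB_REQUEST, 0x4000))
AFTER_HANDSHAKE = (HELLO + record(CHANGE_CIPHER_SPEC, b"\x01")
                   + record(HEARTBEAT, bytes(32)))  # opaque ciphertext stand-in
WELL_FORMED = HELLO + record(HEARTBEAT, struct.pack("!BH", HB_REQUEST, 4)
                             + b"ping" + bytes(MIN_PADDING))
```

Once ChangeCipherSpec has been seen, the scanner can only report that a heartbeat record exists; whether its claimed payload length is honest is hidden inside the ciphertext.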