For better understanding there should be some patching Flowchart in KB 2076665, because maybe is little bit tricky and confusing but
I can see it quite clearly:
1. If you are on a previous (non-U1) build, you have to patch your host with both patches in this order (If you want to go for fixed Complete Update 1 release):
FIRST - VMware KB: VMware ESXi 5.5, Patch Release ESXi550-201404020
SECOND - VMware KB: VMware ESXi 5.5, Patch Release ESXi550-201404001
If you want just address and resolve OpenSSL Heartbleed issue without step to U1 install only "ESXi550-201404020"
KB2076665 Notes:
Note: After you have patched your ESXi hosts with VMware ESXi 5.5, Patch Release ESXi550-201404020, you should not upgrade your hosts to ESXi 5.5 Update 1 as the hosts will again we vulnerable to the OpenSSL Heartbleed issue.After applying VMware ESXi 5.5, Patch Release ESXi550-201404020 on ESXi 5.5 hosts, you should only patch your systems with VMware ESXi 5.5, Patch Release ESXi550-201404001 to update your hosts with all bug fixes that were provided with ESXi 5.5 Update 1.
And for me the main reason/recommendation not to patch a current non-Update 1 hosts to Update 1 applies only for those who already installed "ESXi550-201404020" because installing U1 release on them makes again those host be vulnerable to OpenSSL Heartbleed issue.
As I understand the only right way to go for ESXi 5.5 Update 1 is path I mentioned above = bypass VMware KB: VMware ESXi 5.5, Patch ESXi550-Update01: ESXi 5.5 Complete Update 1 and install "ESXi550-201404020" first and then "ESXi550-201404001 (which contains fixed U1 image)".
P.