Destructive operations - like "delete repository" and "transfer repository" should ask for password
One of our project admins had his laptop stolen and we forgot his browser was signed on to bitbucket.
When he later realized that (by checking sessions) - he scrambled to sign out of all sessions and change his password, but damage could have been done.
It would be great if you can force a password before any such destructive operations can take place. In fact, code can be restored (using local clones, etc.) but issues/wikis/etc. cannot !