Basically I use git and bitbucket not only as a git repository but as as convenient means of deployment, not only deploying my apps on various servers but also deploying examples to presentation machines that I use for lecturing, so some of my production machines have my private key. Which is bad --- because I don;t want to give someone who steals this key address to all my repositories (some of which hold sort of confidential code).
I guess ideal would be to just allow .ssh keys to be limited to particular repositories. For now I circumvent this issue by creating artificial users and sharing these private repos with them (which is OK since as an educational user I have unlimited repo plan) but this approach is kind of problematic since I have to obtain unique email address for each of these users. And it just doesn't feel right to create multiple accounts.
So any means of resolving this problem would be OK.