Details
-
Suggestion
-
Resolution: Fixed
Description
Login to bitbucket.org is not forced through https unless you use https://bitbucket.org explicitly.
It would be better if the login form is submitted through https even if you are visiting http://bitbucket.org and the default login page should redirect to https.
Also the change password form should be HTTPS by default. I suggest that the http://bitbucket.org/account/* is forced to https://bitbucket.org/account/