One of our project admins had his laptop stolen and we forgot his browser was signed on to bitbucket.
When he later realized that (by checking sessions) - he scrambled to sign out of all sessions and change his password, but damage could have been done.
It would be great if you can force a password before any such destructive operations can take place. In fact, code can be restored (using local clones, etc.) but issues/wikis/etc. cannot !