As the help page "Associate an existing domain with an account" says right at the top and in red, "Using a CNAME with Bitbucket will result in unencrypted communication between your users and the Bitbucket website. This means passwords and other potentially sensitive data will be sent in clear text."
Granted, I should've read that warning a little earlier, but this still seems like an odd limitation.
It's not clear to me whether this is due to time constraints or for technical reasons. I would love to be able to go to https://opensource.<companyname>.com. Without SSL, that seems far less useful.