Right now Bitbucket Source plugin requires putting personal password to be able to monitor branches. This is a security risk to expose such information. The proper way would be to create an OAuth consumer on Bitbucket side, set proper access permissions and use OAuth key+secret to authenticate to Bitbucket.