Issues always happen. It is how they are handled that makes the difference. I've not paid close attention to Github but it appears they react responsibly and quickly.

With my issue it seemed like Bitbucket was a one man shop and I suspect that if I had thrown a fit things would have happened quickly. Jesper was attending pycon and I was fine with addressing it after that, but then it was not promptly attended to afterwards. I have no records of how long it took to fix but it was at least several weeks and may have been months. He did dispute "easily guessable". (The Bitbucket service at the time was also overwhelmed with languishing tickets.)

In my own view, private data being accessible no matter how improbable is always an immediate issue. Issues that initially seem improbable get turned into the probable very quickly by the bad guys who are far more imaginative.

But as I said this was late in 2010. I have no idea if the culture of Bitbucket has changed since then or is better.