Attached to this issue is a bitbucket-pipelines.yml for reference.
As you can see, we use the env vars PROD_AWS_ACCESS_KEY_ID and PROD_AWS_ACCESS_KEY_SECRET, to deploy master branch to our production instance.
However, any developer can change the bitbucket-pipelines.yml and use those env vars for the 'default' pipeline and thus deploy dev code or any other malicious code to the production environment. In fact, this can even happen by accident by a developer editing the file and copy/pasting portions of it to a different step.
There is no way to limit the visibility of these env vars defined in bitbucket project to ensure they are only available while running the master branch pipeline.
This seems to be a huge security issue, allowing any developer to modify the bitbucket-pipelines.yml file and deploy absolutely anything to the production environment.