As long as HTTPS is a requirement of using LFS, it should be possible to enable LFS over HTTPS without enabling HTTPS for standard Git transactions. There are teams that have a requirement to use SAML, which Git + HTTP cannot support, leaving SSH only as an option. However, even when using SSH, users of Git-LFS need to open an HTTP connection (using another built-in form of auth).
In such a configuration, ideally it should be possible to send back a clear message of denial to any git client attempting to access Bitbucket when git via HTTPS has been disabled. My experience has been that the git client can't handle such errors gracefully, normally only returning the first four characters of the server message. In that case, it would be pretty clear simply to return a message beginning with "DENY", which the user could then look up in Atlassian documentation.