Man, I'm not worried so much about malicious state or corporate actors getting my biometrics. I'm worried about the incompetent ones (which is all of them). Those are the guys who collect biometric data, store it, and then lose it. Like my social, once my face is out there I can't get it back. I know that nobody is going to make a copy of my beautiful face to get access to my iPhone, but more about the future when biometrics are used to let us into -- for instance -- a cloud provider's platform[0]. At that point there's no physical device to bypass; it's just a question of sending the right bits to a server. Then my biometrics are defeated and I won't be able to reset them.
(edit: wrong link)
[0] https://www.youtube.com/watch?v=YJg02ivYzSs