This whole fiasco makes me wonder if the link between the TouchID sensor and the rest of the phone is so fragile and easily spoofed that they are concerned a fraudulent sensor could be trusted implicitly by the phone, and therefore used to inject malicious data ("here, I am sending you [USERS] thumbprint").