Presumably, since you have to flash your eyeballs every time you transact, there are lots of opportunities for apps or even fake terminals to intercept the data without a user knowing. That's a whole lot easier than the kidnapping route. Somebody can steal your password without ever meeting you. However, if they can't hack the authentication system, then they need you to flash your eyeballs. On the flip side, if they do hack it, then potentially you need a new set of eyeballs.
Having said that, I do think there's a way they could change the feature-extraction algorithm and give you a new signature. The system would need to remember that the old signature is no longer valid. Whether they offer these sorts of capabilities remains to be seen, but hacks would certainly be troublesome and expensive.