If they can issue an auth code for apple hardware then presumably it's possible to issue one for non apple hardware. They just have to make some effort to confirm the owner of the phone has it rather than a thief.
Only to the extent I protect my own data. If I don't use the fingerprint scanner (or even a simple password), don't brick my phone because the fingerprint scanner failed validation.
Really, this seems pretty straightforward. "Security," while always a noble cause, is not an excuse to add gratuitous points of failure to a system.
