Nice post. I can agree with your post but only to some extent. It's true that our biometric traits are generally immutable, and having them stolen would imply a security breach in our phones, etc. However, in the case of the fingerprint attack, for instance, it is necessary to create an artificial artifact that contains the stolen fingerprint (with a 3d printer, for example) and then have access to the phone. If the phone has been stolen, the victim may disable it remotely in the meantime if it has crucial data. Otherwise, if it belongs to a common user, it is worth examining whether it really pays off to perform this attack.

Other scenarios may be more relevant (e.g., building access), but they are usually surveilled. All in all, my point is that when the threat is high, there are (or there should be) complementary security measures to stop the attacker.