The handling of biometric data is designed to be secure between the sensors and the secure enclave. For example, data from the fingerprint sensor is encrypted when it is sent over the wires inside the device. The secure enclave does not store images of the fingerprint, but a representation of it which is not enough to reverse back into a fingerprint.
This is covered in the Apple Platform Security Guide.
What makes you think that's relevant to the discussion here? The person I replied to was under the incorrect assumption that someone in possession of a phone could extract stored fingerprint images, which is not true of any well-designed biometric system.
If you do a little bit of reading about the topic, too, note how well-designed biometric systems require more than a simple fingerprint or photograph — e.g. Apple's FaceID has liveness checks for eye motion and uses a 3D scan. None of these are impossible for a well-resourced attacker but that's true of the alternatives as well. This is why you need to think in terms of threat models — e.g. the attacker who can get a high-resolution 3d scan of your face can also watch you type your passcode in so the latter isn't more secure in practice.
This is covered in the Apple Platform Security Guide.
https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/app... (I believe this link can change when the guide gets updated)