I get why you're concerned, but I wouldn't dismiss them so quickly until we've heard all the details. They seem like a talented team, and I assume they've anticipated the possibility of social engineering.
Here's a snippet from the FAQ on their website: "During first time setup for the device, you can choose where you want your recovery key stored. The default option is to store it in a secure vault operated by Third Key Solutions. If you wish to store your own third key, you will be prompted during the setup flow to scan the public key of your recovery private key. Please note that you will be responsible for signing a transaction with this private key if your device is lost or stolen, and we recommend this only as an advanced option for expert users." [1]
Well, the third key is only useful if one has one of the other two.
Though there is the possibility that an adversary could get access to the third key and the key that they store for being tied to the biometrics?
But I think that that is probably sometimes a lower risk than the risk of "oops, I lost/forgot my bitcoin key" if one is using single signature? (depending on the person, and their adversaries)
Agreed, this is what some of the new startups that make something "secure" so often overlook. They put UX (if you can call it that) over real security. It's still possible to deliver a great user experience and backup solutions without compromising security, it's just not easy.
Companies that do succeed at this however should all receive an award for it, or at least be listed somewhere, because it's a really hard problem to solve at times.
I think in certain aspects Apple got this sort of stuff right with the iPhone, but I'm not sure about that, at least I hope iOS is as restrictive as it is for a reason.
[1] http://www.choosecase.com/faq.html