I think that goes back to identifying adversaries. It's unlikely a criminal would attempt to cut off fingers for access to a random smartphone.

If you have secrets that are very valuable, you are outside the standard use case, and should probably use more advanced authentication.