As with so many things, you sacrifice security for convenience.
Its actually pretty secure... even identical twins get recognized as different individuals....
However, in the sort of situation where someone wants you to unlock your phone... You really can’t stop them.
They claim its 1 in 1,000,000 chance someone else would fool it... and a standard 6 digit code by pure guessing is obviously 1 in 1,000,000 as well, so its not so much any less secure from a random attack by someone trying to open the phone... but like this story shows, there is no privacy expectation of your face.