Fingerprints are not bad for local authentication. For instance if phones become more used for payment I would expect my phone to contain a secret key for payment that is unlocked easily which a fingerprint could do. So in order to compromise this they would need to get both my private key and my fingerprint. If my private key were compromised, I could then get another key. The article is right though that fingerprints should not be used as the sole means of auth though for the sheer reason that it cannot be changed.