Well, to be useful in a computing environment you would have to convert the analog brainwaves into a digital format. Now, we can pretend that each and every manufacturer will have their own proprietary way of digitally converting these waves. Or, We can pretend that there will be an industry standardized format for converting analog brainwaves into a digital format (this is the more likely case IMO).
So, your Brainwave Pattern + Industry Standard Conversion = Valid Authentication Token. What is keeping me from taking that same token to another device that uses the same industry standard? It's not any different than a variation of a "Pass the Hash" issues encountered in our current computing culture.
Moreover, most biometric safeguards implemented today are run on top of existing authentication schemes. Do you think when you scan your fingerprint that it sends your fingerprint data to active Directory to authenticate? Doubtful. The application validates you finger print locally and then Authenticates you in an existing method i.e Kerberos, or whatever. Most Biometrics are just macros that type in your password for you behind the scenes.
In theory only one device should be able to reproduce those waves..your brain. Just like you should be the only one with access to your private keys. But I am a firm believer that anything that requires input can be tricked into accepting false inputs. Even Dildo's are a falsified input which will usually "authenticate" on the correct biometric systems.