Why should the touch ID sensor need to, or be actually doing, store any data or provide authentication?
What you're saying is that you can replace the fingerprint sensor and thus fool the device into thinking you provided ANY fingerprint, without any knowledge of that fingerprint? Sound inherently INSECURE to me. I could steal Barack Obama's iPad, change the sensor, and order a coffee on his credit card without having to enter a single credential or knowing what his fingerprint looks like.
Compare and contrast to "it's just a fingerprint reader that provides a hash of the offered finger, which the OS compares to a list of known hashes of valid users", for instance. Unless you know what the fingerprint looks like, or can read the original hash and generate hashes of any possible combination you want, you shouldn't be able to do that. And if you did it properly, only Apple would know what the hash was on a remote server, and the entire conversation between reader and end-server would be encrypted and nonced to prevent replay attacks.