Hold on there...
Hardware access will result in an attacker getting to your files, period (unless you use TrueCrypt or similar, but let's assume that's not in play). Whether they use a Linux Live CD, rip out the HDD and boot it on another machine, or take advantage of this "vulnerability": it doesn't matter. You are owned.
The problem with this article is its passing mention of "near-plain-text" and later statement that hardware access is required to exploit the vulnerability. What are we supposed to make of that?
If it's truly near-plain-text, then a normal application should be able to read the registry entry, and we'd have a real problem (assuming someone can figure out how to get the plaintext). But the fact that hardware access is required makes me think it's not so simple. In fact, "near-plain-text" is starting to sound like "encrypted". So, does the fingerprint sensor decrypt the registry value and use it to log on?
Lacking a more technical explanation, I don't really know what to make of this.