The Free software foundation are talking without knowledge, the Fingerprint sensor may be network accessible or it may not be. Typically a secure subsystem like that will be designed to store the print data securely and locally. The question is, is there a path in terms of data bus layout or data-bus layout in combination with security chip design whereby the CPU can access the print. There are three distinct likely possibilities which match Phil Schiller's statement on the security (more unlikely ones but I won't touch on those)
1. No, the security chip and firmware are entirely discrete and non upgradable and have a small amount of local storage with a simple CPU side interface which allows new "prints" to be taken and confirms or denies when a scan has passed.
2. The security chip firmware can be upgraded such that a modification could direct the "print" data to the CPU. But the firmware will be protected by a locked bootloader and only those with the key can access it. The "print" data is not accessible by the CPU unless subverting firmware is installed.
3. The data is accessible directly by the CPU, but isn't as a matter of policy.
1. Is obviously the strongest but is bad if a weakness is later discovered and hackers with physical access to the phone can exploit it. My money is on 2. in which case if Apple state clearly and publicly the firmware is secured, then that is quite a big commitment to break and would destroy the brand if they made the claim now, after recent revelations but got caught out at a later date. Note however this doesn't entirely rule out the NSA being able to subvert individual phones on a case by case basis. If they had that capability or there is any weakness they have an exploit for in the secure bootloader, (or backdoor, which may even not be known to Apple - yes that's the weird subverted security world we now find ourselves in, 4 months ago such a consideration would not have been taken terribly seriously) they wouldn't want to be doing that on a mass basis (though not so sure about pre-Snowden NSA) or if they can legally force Apple's hand to target individual handsets with a firmware change that too remains a problem. 3. Clearly 3 Should raise the most alarm bells
Unless we know which is the case it's premature to comment. Unfortunately Apple are taking the road if security by obscurity which, as a phrase, should be re-written as "security if you believe us, possibly."
I think they should issue more details, with at the very least informing if the system is 1, 2 or 3 above.