So you doink for your Oyster, doink for a newspaper, doink for a sandwich from your shop, and then you have to go find somewhere to tap in the PIN anyway? Anyone who uses it for the intended purpose ends up having to put in a PIN every day? Anyone who doesn't even know their card does it doesn't? That's the wrong way around.
Not at all sure what you're saving here, except for a fraction of a second, at the risk of £60 (soon to be £90) of unauthorised charges.
The question is not what happens if you lose the card (but, generally, in that case unless you know the PIN you can't withdraw from ATM's or charge it in shops or even use it most places online - and those you can you won't be liable for because they failed to check your details and/or shipped to an unauthorised address anyway), but how easy it is to fake / force a transaction.
Doink to the card is inherently insecure. Work briefly anywhere there's a doinker, order a replacement doink-device, strip it down, walk around London bumping into people (or, as demonstrated, site it somewhere inconspicuous and have it point down a road - you can power up the RFID coils in the cards remotely and just snatch the transaction out of the airwaves as normal for doinking). If you have a brain, make it charge the people who stop / look / visit the shop it came from on a 1/100 basis, so it disguises as just an accidental / double transaction, if they notice that they didn't buy a sandwich on Monday at all. By the time people catch on, you can have stripped the account and been long-gone.
Doink to the phone isn't any more secure but - actually - if the phone is software-authenticating your fingerprint then the software has the ability to authorise a transaction. Although modern devices are FAIRLY isolated, there are by no means perfect. It's like storing your credit card number on your desktop - in theory it should be secure, but it's not really the kind of thing you want to be doing.
First thing I turned off on my phone was RFID (because I could doink and get info from my card from 20cm quite easily - not the sensitive info as it's all encrypted but it's ONLY the encryption that stops that, the capability to have reader hardware that ubiquitous is scary in itself, but again it's one software / encryption compromise away from complete access). First thing I did when my bank issued a doinker-card was stick it in an RFID sleeve and test it against my RFID reader - it worked enough to block the card no matter what I did. Also saves me from "card clash" as Oyster etc. as so keen to point out ("Hey, our technology is so good we can charge entirely the wrong card in one little doink without you getting a say in the matter!").