> These can be used pretty easily to create a fake finger that would probably fool the sensor.
At this point aren't all bets off? If a person is willing to do that, I would think they'd also be willing to disassemble the phone and extract the information that way. You would need a sort of whole-disk encryption too.
Main problem with any kind of biometric authentication is that it cannot be used as a basis for generating encryption keys (e.g. for whole-disk encryption). Because in that case it's totally irrelevant if you can fool the sensor, you just have to process somehow "stolen" biometric data in the same way as the sensor (+ encryption software) does.
For other authentication applications, all security lies in the fact that it's not possible (for reasonable values of "possible") to fool the sensor or bypass it. But most commonly used fingerprint scanners are incredibly easy to fool (even including so-called "high-security" sensors that happily accept a photocopy of a fingerprint as a valid finger). Bypassing the sensor is often even easier, but on the other hand I've seen systems (for example BIOS-level fingerprint authentication on ThinkPads) that are explicitly designed to make that very expensive (in the ThinkPad case you would have to actually decapsulate the sensor chip from its package).
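The point in the comment above (a biometric can authenticate, but it cannot serve as key material) can be shown with a small simulation. This is an added example and not code from anyone in the thread; it assumes a fingerprint template is a fixed-length vector of features, that each sensor read adds a little noise, and that matching is a thresholded similarity test. Those assumptions and the noise level are constructed for illustration.

```python
import hashlib
import random

FEATURES = 32          # assumed template size (constructed, not a real sensor format)
SCAN_NOISE = 0.05      # assumed per-feature read noise (constructed)
MATCH_THRESHOLD = 0.08 # mean absolute difference below this counts as the same finger
SALT = b"disk-encryption-salt"  # constructed salt for the key-derivation calls


def enroll_finger(seed):
    """Return the 'true' feature vector of a finger (constructed sample data)."""
    rng = random.Random(seed)
    return [rng.random() for _ in range(FEATURES)]


def capture_scan(true_template, scan_seed, noise=SCAN_NOISE):
    """Simulate one sensor read: the true template plus small per-feature noise.
    Two reads of the same finger are close, but never bit-for-bit identical."""
    rng = random.Random(scan_seed)
    return [f + rng.uniform(-noise, noise) for f in true_template]


def biometric_match(stored_scan, fresh_scan, threshold=MATCH_THRESHOLD):
    """Authentication as a sensor does it: a tolerant, thresholded comparison.
    This yields a yes/no answer, not a reproducible secret."""
    mean_diff = sum(abs(a - b) for a, b in zip(stored_scan, fresh_scan)) / len(stored_scan)
    return mean_diff < threshold


def quantize(scan):
    """Turn a noisy scan into bytes the way a naive 'fingerprint as key' scheme would."""
    return ",".join(f"{f:.3f}" for f in scan).encode()


def derive_key(secret, salt=SALT):
    """Ordinary password-style key derivation (PBKDF2-HMAC-SHA256).
    The output is stable only if the input bytes are exactly the same every time."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 10_000, dklen=32)


def demo():
    """Compare a finger and a PIN as inputs to a disk-encryption KDF."""
    finger = enroll_finger(seed=1)
    enrolled = capture_scan(finger, scan_seed=100)   # read taken at enrollment
    later = capture_scan(finger, scan_seed=200)      # read taken at a later unlock
    other = capture_scan(enroll_finger(seed=2), scan_seed=300)  # a different finger

    pin = b"4921"  # constructed sample secret; a real PIN is never hard-coded
    return {
        # The tolerant comparison works: same finger matches, other finger does not.
        "same_finger_matches": biometric_match(enrolled, later),
        "other_finger_matches": biometric_match(enrolled, other),
        # But the two reads of the same finger derive two different keys,
        # so the disk could not be decrypted at the later unlock.
        "finger_keys_equal": derive_key(quantize(enrolled)) == derive_key(quantize(later)),
        # A secret the user knows derives the same key every time.
        "pin_keys_equal": derive_key(pin) == derive_key(pin),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The simulation also makes the second half of the comment concrete: the finger's template is the only input, so any copy of it that reaches the key-derivation code (from a stolen template database, not necessarily from the sensor) would reproduce the same bytes, whereas fooling or bypassing the sensor only matters when the sensor's yes/no decision is all that guards the data. Real systems therefore use the biometric only to release a key that is stored in and bound to hardware (a secure element or TPM-style chip), which is why the comment's ThinkPad observation about having to attack the chip itself is the relevant cost.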