The real risk is that a malicious sensor would have access to the iPhone decryption key stored in the Secure Enclave when the device is powered on and could pass that along (or use it maliciously).
Getting your fingerprints isn’t much of a risk since it doesn’t grant malicious actors access to anything by itself. Even when TouchID is used to unlock your iOS device, it’s not using that as the decryption method, but as a gatekeeper to the real key stored securely in the Secure Enclave (that’s why you have to enter your passcode on reboot before TouchID works at all)
There are counterfeit TouchID sensors out there that approve every touch as well. Shoddy repair centers use these.
The real fix here would be to verify the integrity of the TouchID sensor on every boot, not just when the cryptographic keys need updated (which happens on iOS update and device restore. It’s also been there for a while, it’s not new to iOS 9).