Right. But if it ever failed when shown a mask, did they enter the PIN? Face ID continues to learn as you use it. If you show it the mask, then tell the phone that the mask should be accepted, then you are training on the mask after set up.
Like the fingerprint sensor, face id isn’t perfect. If you are worried that some criminal is going to go to the trouble of making a mask of your face that’s going to work with your particular phone (each phone puts out a different dot-grid), then don’t train it. Use a strong password.
Most people just want to keep room mates, and co-workers out of their phones and face id and fingerprint sensing are both great for that.