Actually, we do know many of the security holes, but the vendors generally like to ignore them, describing them as 'impossible' and so forth.
I don't have a reference to hand, but just last week The Register was reporting that people had been able to get a hold of Jacqui Smith's fingerprints. These will then be published on the Internet, allowing anyone to make their own latex copies, or whatever. Other studies have shown that a simple photo-copy is enough to fool most finger-print scanners.