Some random thoughts...
1) According to this article (and someone who posted in this thread about using it with a motorcycle helmet on), this requires you to look at the phone but doesn't seem to actually be using FaceID to authenticate any part of your face. If true, why aren't they utilizing FaceID to at least authenticate the un-masked part of your face (and couldn't they also authenticate the shape of the masked part of your face)? Has Apple explained any of this anywhere?
2) I don't get why it won't let you configure your security settings to just use your Apple Watch and proximity settings to fully unlock everything (including passwords). If you're really worried about a security risk, fine, you don't have to enable that. But why not make it configurable for the user to set it up as loose or as secure as they are comfortable with? If I'm wearing my Apple Watch and have a FaceID iPhone, I should be *allowed* to configure it to let me unlock it just by swiping up when my Apple Watch is on and nearby. I don't need them to be my nanny and do worry about what, in my opinion and in my personal situation, is a small risk that I'm willing to accept. And taking things to the extreme...if someone threatens you with a gun, they'll likely get you to comply with unlocking your iPhone with FaceID, anyway.
3) Why don't they support scanning/storing multiple FaceID "prints"? This is nothing new, so again, has Apple ever explained this? I know my wife's passcode and my daughter's passcode, and they know I know. In the past I've even stored my fingerprint on my wife's phone. She often has some problem with her phone that I need to troubleshoot, and this makes it easier for me to jump in and diagnose. If Apple's worried about someone abusing this and setting up their FaceID print on their spouse's phone (or whoever's), they could easily write some logic that would alert the primary user to the fact that another person's FaceID print exists and ask them to "OK" it. They could be asked/bothered one time, and then never again.