The only downside I can see with Applepay is someone finding out your 4 digit pass, which can be circumvented by just watching someone type it in. Once in, a thief can add their fingerprint to the phone and use their own fingerprint for transactions if passbook already had cards stored, correct? I think entering Passbook and fingerprint should use a more secure and longer string and make that mandatory and not allow 4 digit pass for those two areas specifically. People's 4 digit code is inherently weak placing more valuable info and permissions at risk. Think about it. If the enclave is really as secure as it states, then the thief would have no worry about including their fingerprint cause the authorities can't get in their right? I mean fingerprint data is never passed along in a transaction.