Face ID and Security

FaceID is in a way more secure than TouchID because it's less likely to suffer from key collision. Key collision is when two different patterns resolve to the same value. With TouchID, the key space was 50,000 different keys, which meant there was a 1 in 50,000 chance that you and a random stranger would share the same key and they would be able to unlock your phone.
With FaceID, it's a one-in-a-million chance. Not perfect, but pretty good and much better than TouchID. Now you might be saying, "But I thought everyone's fingerprints were unique?" That's true, but to make it secure and fast you have to boil it down to a relatively small number. So, in New York City, probability says there are maybe 8 or 9 people who could unlock your phone. But you are playing against the odds because it only takes two failed attempts to require your PIN to unlock the phone.
My take on this is that the image recognition systems used by other vendors (namely Android vendors like Samsung) are fairly easily defeated. For example, on the Samsung S8 you can just use a picture to defeat it. Devices that use iris scan are a little more complicated, but they can be fooled with an infrared picture of your eye that is printed out and covered with a contact lens. Certainly a lot of work, but not beyond the pale.
Our advice to companies is to plan on using FaceID, but keep an eye on the industry to see if it gets defeated. Enable it with a feature switch so that if it does turn out to be vulnerable you can disable the biometric authentication in your app on iPhone X devices. You could still use TouchID on other devices, but keep the option to restrict FaceID to make sure your apps remain secure.
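One way to build the feature switch described above, using Apple's LocalAuthentication framework (added example, not code from the original post). The `BiometricFlags` type, its JSON key names, the `loginMethod` and `authenticate` helpers and the fail-closed default are assumptions made for illustration.

```swift
import Foundation
import LocalAuthentication

// Hypothetical remote configuration payload; the key names are assumptions.
// Constructed sample: {"faceIDEnabled": false, "touchIDEnabled": true}
struct BiometricFlags: Decodable {
    let faceIDEnabled: Bool
    let touchIDEnabled: Bool

    // Used when the config is missing or unparseable: fail closed, so a
    // blocked or malformed response cannot re-enable a method you turned off.
    static let failClosed = BiometricFlags(faceIDEnabled: false, touchIDEnabled: false)

    static func parse(_ data: Data?) -> BiometricFlags {
        guard let data = data,
              let flags = try? JSONDecoder().decode(BiometricFlags.self, from: data)
        else { return .failClosed }
        return flags
    }
}

enum LoginMethod { case biometric, password }

// Decide which login path to offer on this device under the current flags.
func loginMethod(flags: BiometricFlags, context: LAContext) -> LoginMethod {
    // biometryType is only meaningful after canEvaluatePolicy has been called.
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: nil) else {
        return .password
    }
    switch context.biometryType {
    case .faceID:  return flags.faceIDEnabled ? .biometric : .password
    case .touchID: return flags.touchIDEnabled ? .biometric : .password
    default:       return .password  // no biometry, or a type this build does not know
    }
}

// Prompt for biometrics only when the switch allows it for this sensor type.
func authenticate(flags: BiometricFlags, onResult: @escaping (Bool) -> Void,
                  passwordFallback: @escaping () -> Void) {
    let context = LAContext()
    guard loginMethod(flags: flags, context: context) == .biometric else {
        passwordFallback()
        return
    }
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Sign in to your account") { success, _ in
        DispatchQueue.main.async { onResult(success) }
    }
}
```

Because the flags are separate per sensor type, FaceID can be switched off while TouchID devices keep biometric login.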
This is part three of a four-part series on the September 2017 Apple announcements. You can read parts one, two, and three here.