If you don't want 1/50K bruteforceability (i.e. you want strong end-to-end security) you have to turn off TouchID.
And then again my point remains, that open source or not, a long secure password is a PITA and Apple makes that option available.
We agree on that narrow point. Now back on topic please...