I'm sorry, but with recent things like the NSA listening into pretty much every secure connection (even this one potentially!)... Apple lying to their consumers about keeping their fingerprint data on device, and having that come out would be just suicide. No company is that stupid.
Besides, because of how security certificates work with chain of trust, Apple ultimately holds the "master key" to devices in the first place.
If they ever needed to (due to subpoena), they can very easily sign a custom firmware (that iBoot will happily boot, because it's signed by Apple) to be able to access the data. This hasn't ever happened (AFAIK), but with a trusted boot chain, the ultimate key holder can sign whatever they want.
Before you all go off the deep end as well about Apple, Microsoft has a very similar system with newer EFI computers. They've started having "trusted boot" as well, but Microsoft is the vendor that signs the binaries. They can, in theory, sign anything they want.
Same thing with all those "locked" boot loaders that Android phones have. The manufacturer can sign anything they want to get your data if they wanted to.