Exactly. Touch ID (hopefully!) isn't designed to protect against a sophisticated adversary with time for preparations; it only has to hold out as long as it takes the device owner to realize that their gadget has gone missing. In the case of Apple Pay, they can then immediately disable the payment functionality.
Of course, this doesn't help against a sophisticated attacker who is interested in the data on a device; in that case, a secure passphrase would be preferable.
Unfortunately, it seems like iOS doesn't allow using different authentication methods for payments and for device unlocking; it would be really nice to be able to use Touch ID for the former, and a passphrase (or even a passphrase AND a fingerprint!) for the latter.
Of course, this doesn't help against a sophisticated attacker who is interested in the data on a device; in that case, a secure passphrase would be preferable.
Unfortunately, it seems like iOS doesn't allow using different authentication methods for payments and for device unlocking; it would be really nice to be able to use Touch ID for the former, and a passphrase (or even a passphrase AND a fingerprint!) for the latter.