I can't get into the law enforcement stuff, I'm not law enforcement. But I am (among other things) an IT security guy, so I can tell you that, if you're going to use your phone (any phone, mind you) for payments, encrypt the sucker and protect it, I'm talking serious security. When the phone comes out I'll probably do a step-by-step and ask the mods to sticky it, but the bottom line is that it is possible to reasonably protect your payment and biometric data from being compromised, even if your phone is stolen. You just have to follow some simple guidelines.
1. Enable full device encryption on your phone. This encrypts all the data on the storage, so no one can read the data directly off of the memory chips.
2. Set USB to "Charge Only" or "Prompt." I think Samsung offers those options. This way no one can just plug the powered-on phone into a PC and read the data off of it with the screen locked.
3. Set unlock security on your phone (required with encryption). There are several options here. Biometrics (face recognition, fingerprint) are hard to duplicate, but can be compelled by a judge in the US, while no one can force you to give up your PIN or password (protected under the First Amendment). This matters to some people. Regardless, this way no one can unlock the phone unless they have your PIN/Password/Biometric already.
Now, it's important to emphasize that none of these options is 100% perfect security. Given enough time, any of them can be cracked. They're not designed to be perfect, they're designed to protect your data long enough so you can do this:
4. Make use of Android Device Manager (or alternatives) to initiate a remote wipe of your missing device the second you discover it's missing. The minute the thing goes online, it'll factory reset itself, getting rid of your payment info and biometric data (along with all those kitten photos you didn't want anyone to know you have).
Oh, I almost forgot Item Number 5, but as fair warning, this is in fact taking a sharp stick and whacking it around the middle of the beehive.
5. Do not use removable storage! Any data stored on it will be saved from a remote wipe when they remove the card from the phone, and then they can take their sweet time cracking the encryption on it. If there is any, since people probably didn't encrypt it so they could move their 90,000 songs and 500 movies to their new device every 6 months instead of actually managing their mobile library and deleting what they don't use. Besides, given how slow SD cards are to begin with, encrypting them would basically make them unusable anyway.</rant>