Usually most hardware is upgradable except the graphics card. Although sometimes it's not easy to upgrade the CPU. I remember a laptop where you had to pretty much disassemble the whole damn thing to get to the CPU.
They are a good compromise between security and comfort.
They aren't unbreakable. Nothing is. But the question is how much effort it takes in order to break the lock. Besides that, the two links are for older types of fingerprint readers. Modern ones require you to sweep your finger, and last I looked, you have 10 of them. Plenty to ensure you don't get locked out if one doesn't work.
Besides that, you are using a password, and that means you should keep that password safe somewhere in case you get locked out. That's just basic security one-on-one.
But the point is not to get rid of passwords, but to make you have to use them less.
Typical example in today's world:
User uses a handful of passwords to different sites. One site gets compromised, a lot of sites get compromised. User probably doesn't even think of separating passwords for important sites. That is, he/she probably uses the same password for an important for another one and when the less important one is compromised, the important site is too.
Great, so the user wisens up and uses different passwords for all sites. Except, he/she can't remember them all, so he/she has to store them somewhere. A password manager is a good bet (it's recommended!). Except it's annoying to have to enter a long, difficult password every time he/she wants to log in somewhere, so he/she uses either a weak password, none at all, or just lets the program keep him/her logged in for some period of time. Hacker gets to the computer, opens the password manager, which shows the passwords in plain text. Game over.
Or the user uses the browser to store the passwords, either setting the master password or not (surprise, Chrome doesn't support a master password). So when going to a site, the browser fills in the fields automatically with user and pass. Except now the hacker can use very simple debugging techniques to sniff out the password. Game over.
The second two ones are often very easy to do, especially the last one. A little social engineering can usually net you the master password, too, even without the victim realizing it. Ie, get to know them and you can probably guess the password later.
The ideal situation is to store long, impossible to remember passwords for each and every site, account or whatever, do the same for the master password, and require the master password every time the login is required. But typing in the master password which is impossible to remember each time? Who is going to do that? That's where the fingerprint reader comes in. Because it's easy to just swipe your finger.