Normally, you're re-enrolling your biometrics, not creating a new account.
To re-enroll biometrics, you need to prove your identity by some means first. So in principle it's not that easy to overwrite someone's biometrics.
Of course, if your other auth methods are compromised then sure, someone can wipe your biometrics from the device and enroll new data.
That's not unique to biometrics though. If your password is stolen, the perp could change your PIN, contact number for OTPs, etc.
All Your Base Are Belong to Them...
On the topic of how biometric IDs work: the OP is correct, the detailed information never leaves the device.
It is stored in a one-way hash on the device. That means that even if the device is stolen, the biometric info can't be extracted, only compared to.
Also, it's not like on the TV, when they have an actual scan of your fingerprint. That's a very old, insecure tech. Nowadays a capacitative map is created which is then reduced to the key features, and encrypted via a one-way process. Imagine taking an aerial photo of London from an angle, and writing down the coordinates of London Bridge, Big Ben, Buckingham Palace and a few more places. A set of numbers which you encrypt and store as your enrollment data. Does that matter? Yes, because even if you could break the one-way hash, you still wouldn't have a photograph of London, just a bunch of coordinates which you can't feed into a scanner.