It is my understanding that Disney DOES store an encoded hash of every guest's finger scan that participates. The hash is a simple one, taken from 5 points on the print (there would be no way to recreate your fingerprint from the small amount of information they store). All that is important at the gate is that those 5 points from today's scan match (more or less) the 5 points initially measured. The probability that someone else using your ticket would match your original print measurements is very small, and that's enough for what Disney is trying to achieve here.
The same is true for facial recognition. 9 distance measurements are made around points on your face and then those numbers are stored, to be used the next time you enter. Again, there is no way Disney could recreate enough of your facial features to make the stored data useful to a hacker - they just want it to match your new scan every time you enter the park. Currently, and for this test, Disney is storing the entire facial image, as well as the individual measurements. This is a test after all, and they need more information than normal to debug the system and algorithm. Once the test is complete, Disney will erase the full image scans as well as the test measurements. If they decide to put the system into full time use, they will start from scratch using the basic measurements only.
In both of the above situations, the stored data is encrypted. The encryption is very similar to that used to store your banking website password (that's why you can't get your human-readable password restored by the bank should you lose it). The original measurements (or banking website password) can not be recreated from the encrypted data - the comparison being done when you re-enter the park are between the data encrypted at the terminal and the stored, encrypted data in the database, making it almost impossible for a hacker to use that data after possibly hacking the guest database (this would be the same for stored credit card numbers, and other sensitive information that you gave to Disney). It's really a one-way street because the original human-readable numbers never directly leave the gate area, only encrypted data.
The goal, of course, is to both cut down on guests illegally sharing the ticket(s) and to take CMs out of the security loop (as unreliable). And just like most loss-prevention method, being 100% effective is never really achieved - but Disney will keep trying new things to bring that effectiveness as close as possible to 100% as long as the cost of the system doesn't overshadow the small loss they are trying to fix. Another example of this would be shoplifting. Disney has cameras and under cover security at work to prevent this but they will never catch 100% of the shoplifters. They would need many more security persons ($$$) and many more cameras ($$$) to do that. But as long as they can keep the losses down with the staff they have, it's enough.
Side note: WDW security does also have a full featured facial recognition system. It's expensive and operated manually. The only stored data on that system represent those that have been flagged by security for one reason or another (banned guests for example). The stored data is on a system that is not connected to the internet, or to any other internal system, and thus even more impossible to hack.
That's my understanding anyway. Sorry I went on a bit long...