I would be interested to see the mathematics behind their claim that a picture password is more complex than (what I assume is) a typical android log in password. I would imagine it would be a little more tricky for any malware to capture a password. Capturing and determining which mouse clicks (for the PC case) are significant is considerably more difficult that analysing the output of a keylogger.
Looks interesting, i think there is a lot of room for innovation around how the picture is displayed so you can reduce the risk associated with people looking over your shoulder and snapping a picture of what you did. I think you could possibly even get into patterns where the picture always changes, but has a common theme. I.e. you need to click the woman, man and pet.