kathmandu Hi and welcome.
Let me begin by expressing my sincere concern and regret at learning what you've had to experience. I hope your loss is limited to material matters which can be replaced. Please feel free to reach out via our support system should you have any private matters that I can continue to assist with.
To address your question:
While it may be possible to guess a screen password, this will not be adequate for anyone to gain access to the passwords in your Spectre app – these are locked behind biometrics exclusively. And while nothing in this world is 100%, Apple's biometrics come as close as possible and have been extensively scrutinized and evaluated by professional independent labs with far higher budgets than petty criminals.
It sounds like you've already taken the important actions – I am curious if you had enabled on your device the setting to automatically wipe the data after several failed authentication attempts. FaceID will most likely be turned off already by now, since many factors will immediately disable it, such as power loss, seeing the wrong face, etc.
Please make a mental note of the strength of the Spectre secret you used with the app. We typically recommend a 3-4 word abstract sentence. If you feel your Spectre secret may be weak or may be contained in short password dictionaries, this is a good reason to consider invalidating your Spectre secret early and starting anew with a stronger one.
If you feel confident in the strength of your Spectre key and are certain you have not written your Spectre key down anywhere in clear text, such as in a note on your phone, you are likely safe.
With that said, after such an event, it is worth considering starting anew with a new Spectre key anyway. If you have a backup of your Spectre user available, or have been able to recover your phone's data through eg. a smartphone backup system like iCloud backups, and you are considering starting anew, my recommended approach would be to start with an clear-text export file of your Spectre user, which will contain every site you've used, and their old (current) passwords for them. You can then go into the Spectre app, long-press your Spectre user and change the Spectre secret for the user to a new one. This will cause all site passwords to change in the app. You can now go through your clear-text export, alongside your Spectre app, and change every site's password from the old to the new.
Please tend to your own safety and primary needs first – certainly in the initial weeks, your passwords are likely safe. Breaking FaceID or Spectre's hashes stored on the device is a highly improbable feat which should require state-level resources.