@Anomnomnomaly erm, not sure if just not using it is the right way. Use QR codes with a scanner that tells you the target. If the target is phishy / URL shortener, whatever, then don't go further, else use it.
I would recommend the app "QR Scanner" by @SECUSO_Research https://f-droid.org/packages/com.secuso.privacyFriendlyCodeScanner