@darius I don't know much about QR codes, but I thought part of their deal was that they could encode other things that devices could still recognize. Thinking of this old blog post about using them to pass wifi credentials: https://a.wholelottanothing.org/2019/12/17/making-painless-guest-wifi-with-qr-codes/

Not sure if there is actually additional risk there compared to URLs, though!