[EduardoBautista]

I've never heard of this domain before, so I shouldn't click on it because vulnerabilities in the browser are still routinely discovered.

Sorry for the sarcasm, but if you trust clicking on links in a browser, QR codes should be fine as well.

[fiddlerwoaroof]

Yeah, if your threat model involves not trusting links, you should be disabling JavaScript and CSS by default and probably not browsing the web in the first place. Libpng and other libraries frequently have fairly critical bugs that are a bigger concern than MitM attacks.