I have a really hard time ordering. After spending time doing security I do not trust QR codes. They make me really, really uncomfortable. To the point I wont eat at a restaurant with them unless someone who is not as paranoid will get the menu.
They can be used to start an exploit chain on a phone. I’ve seen 0-days personally that root a phone by triggering a drive by download. The other issue is they are unauditable. You have to almost go to the link to discover what is there. This is a problem, for example, when shell code can own the camera itself.
Aside from me, what about people without phones?