What I would do it when scanned it will connect to a private domain which has malicious php code which can do many things like, camera, cookies, ip, phone data, ect. This way it saves memory, smaller qr code and its faster. I really like this idea though im definitely gonna try it out!