Can the QR code be considered safe?
Yes. The QR code contains information about the session which in turn helps if changing from one device to another. If you begin a legitimization process from a device which is not your phone (e.g., online bank via PC or Mac), the information will be transferred to your phone to complete the legitimization.
A QR code taking you to your phone will be generated. The QR code tells the BankID app to start a legitimization process towards the bank / user place that have requested it. A reason will also appear on your phone, so you can make sure the context is right. The contents of the QR code are unique for each session and if the code is not scanned within a specific amount of time, it times out and you have to start over. The code does not include any sensitive information about you, and it can only be used once for its given purpose.