"Never scan public QR codes" is functionally equivalent to "never type in a URL and never click on a link". Other than the smallish scan-specific attack surface that you mention and then largely dismiss, there's nothing that makes QR codes more dangerous than any other way of delivering links.
It's somewhere between impractical and impossible to evaluate a URL and know anything about its "safety". So if you can't make your Web browser impervious enough to tolerate basically any crap a server may send back to your satisfaction, then your only answer is a total walled garden.
Well we are as sadly so often in the world of only "black and white" discussion without ignoring gray areas.
While i pointed out that i think that the claim of public qr codes are always safe and cannot pose any danger is wrong, i also didn't state you should wall yourself in and handle like everything is f0rk3d.
You, as with everything in life, should evaluate whats worth risks and what not. Scanning a QR code in a museum linking an audio track to describe the exhibt, scanning a qr code in a restaurant for a menu, scanning a qr code from a sticker on a traffic light.
These are 3 completly different scenarios that can be weighted different and therefor not be answered with a single "yep good/bad" for every situation. My initial point regarding the article was that i don't think stating scanning public placed qr codes is always safe. People should not just NEVER scan a public qr, but they should understand possible risks, they should learn how to evaluate which risks are worth taking, and also learn what thinks they should look for. My point is that of make the public more informed.
It's somewhere between impractical and impossible to evaluate a URL and know anything about its "safety". So if you can't make your Web browser impervious enough to tolerate basically any crap a server may send back to your satisfaction, then your only answer is a total walled garden.