You could argue the same thing about writing down your passwords anywhere in real life. I think this method will still be relatively safe even if it is common knowledge, because nobody will know for sure which service and which QR code it is, out of many that you may have lying around normally.