I agree this is more hassle but the QR code implementation is only fine if you trust that some EU governments or companies won't try to abuse the system in the future. I'm not saying that this will happen but why not design the system so that it is not possible?

If verifier app will at some point start pinging some server having a QRCode in PDF or printed on paper won't save you from someone tracking all places you are going to. Imagine how useful it can be for tracking some politicians, activists or journalists and correlating that check-in information who they might be meeting with.

I think you can totally print the current QR code on a piece of paper and show that to someone. It's not more or less safe than having it in an App.

The QR code is essentially like a Covid-only digital vaccination pass; it doesn't provide any more or less information.

The only valid point in pzo's original comment is that a scanner app from a bad actor could collect the personal information within the code. So we need to be able to trust that the person scanning the QR code is using a legitimate app.

I'm not worried that much about personal information (that someone will know that someone has been vacinated). I'm more worried that this personal information can allow tracking (politicians, activists, journalists, etc.) in an automated way in the same way cookies, etc. tracks us today while browsing.