I don’t quite get what the point is. No matter how good you encrypt the server name, the destination IP address will always be visible. Are there that many webservers sharing the same IP, that this makes a noticeable impact? Am I missing something?

Hard disagree. I do not want to have 2FA for every shittly little thing I do not care about.

QR codes are just an encoding. Just use any half-competent QR code app, and it will give you it’s content, which you can then write down. For the reverse you can use any QR code generator.