The QR code in question was used by Bitmit (note: I am not accusing them of anything; the amount encoded was in this case the correct one). The wallet software was Andreas Schildbach's Android app. Perhaps a confirmation screen in said software would be a good patch.
I honestly don't see Bitcoin transactions happening in brick-and-mortar businesses. The time to clear a transaction is just too long. This is not a problem for online businesses, however.
There's a nice bit about that in the Wiki:
https://en.bitcoin.it/wiki/Myths#Point_of_sale_with_bitcoins_isn.27t_possible_because_of_the_10_minute_wait_for_confirmation.
Basically, for purchases of modest value, it is considered reasonably safe to go through with the physical transaction without any confirmations, just watching for the transaction and any double-spends. Getting away with a double-spend in those conditions is difficult enough that nobody would bother to do it just for something worth significantly less than, say, the current block reward.
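The merchant-side check described in the reply above, sketched as an added example that is not part of the original thread or of any wallet's code: it tracks which outpoints unconfirmed transactions spend, flags a payment once a conflicting spend is seen, and only accepts without confirmations below a policy limit. The class and field names, the satoshi limit and the transactions are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # outpoints spent, as (prev_txid, vout) pairs
    outputs: dict   # address -> amount in satoshis

@dataclass
class ZeroConfWatcher:
    """Tracks unconfirmed transactions and flags conflicting spends."""
    max_zero_conf_sats: int                        # policy limit (assumed value)
    spent_by: dict = field(default_factory=dict)   # outpoint -> first txid seen spending it
    conflicted: set = field(default_factory=set)   # txids involved in a double-spend

    def observe(self, tx):
        """Record a transaction seen on the network; return txids it conflicts with."""
        clashes = set()
        for outpoint in tx.inputs:
            first = self.spent_by.setdefault(outpoint, tx.txid)
            if first != tx.txid:
                clashes.add(first)
        if clashes:
            self.conflicted |= clashes | {tx.txid}
        return clashes

    def decide(self, tx, pay_to, price_sats):
        """Return 'accept', 'wait' (for confirmations) or 'reject'."""
        if tx.txid in self.conflicted:
            return "reject"                        # a competing spend was seen
        if tx.outputs.get(pay_to, 0) < price_sats:
            return "reject"                        # underpaid or wrong recipient
        if price_sats > self.max_zero_conf_sats:
            return "wait"                          # too valuable for zero-conf
        return "accept"

def demo():
    """Constructed scenario: a small payment, then a conflicting spend appears."""
    w = ZeroConfWatcher(max_zero_conf_sats=5_000_000)
    coffee = Tx("tx-a", (("prev-1", 0),), {"merchant": 40_000})
    w.observe(coffee)
    before = w.decide(coffee, "merchant", 40_000)
    rival = Tx("tx-b", (("prev-1", 0),), {"customer": 40_000})  # same outpoint
    w.observe(rival)
    after = w.decide(coffee, "merchant", 40_000)
    return before, after

if __name__ == "__main__":
    print(demo())
```

In practice `decide` would be called again for as long as the merchant keeps watching, since a conflicting transaction can arrive after the first check.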