I've done some work for using QR codes to transfer data between computers specifically since I have moved to Armory. It is a Java based application, so it probably won't work well on a RPi with so little RAM. The source is out there on the interwebs, but I haven't fully thought out what license I'd like to use. If there is an increasing interest in it, I'll work through those issues so people can use it/build on top of it.

That said, I'm not convinced a hardened version of it would stand up to a persistent attacker. At the end of the day you're going to end up using a library or re-inventing the wheel and either one will have it's own set of vulnerabilities to side-channel attacks. I believe it to be safer than USB since there is no bootability issues and it is hopefully less likely to "auto-play". It also gives you a lot more control of how much/when data is transmitted or received and you can verify the payload against a third party device if you are paranoid.