So as when your bitcoin address is requested you can just send the image for scan to prevent your Bitcoin address from being tempered with.
The flaw is in the bold part not in the data format.
Your mistake here is that you think just because you change the format from a simple string (address) to a simple image (QR) you are providing security. But it is just data in a different format and malware that can manipulate the string can also manipulate the JPG/PNG/... too. In fact its very trivial to write such a malware.
To solve the issue the "send" part should be addressed. For example if it is being sent through the internet, an additional encryption layer could be used like signing the address using a GPG key which the receiver can verify independently to ensure authenticity.