Presumably based on the wording of the patent, the QR code just contains a URL from which to fetch the actually instructions for the car. Thus I would assume there are security measures built into the instruction retrieval, SSL or some other authentication/encryption scheme. Thus simply changing the QR code wouldn't allow forged instructions to be sent to the car, you'd have to break the security on the data link.