That does strike me as a risk.  

That said, if an address is completely incapable, even hostile to validation by human eyeballs, then what happens is “trust” migrates to using a bunch of tools which are forgeable, spoofable, hackable, trojanable.

The resultant risk might be worse for its greater resistance to detection.

    -a

ps: for an investigation of what happens when you build a “communities” app around “non-human-readable” barcodes and without a discovery mechanism, see this article; such innovation gives me great hope for humanity finding solutions to apparently high-friction technologies, but it also clearly hampers broader inclusiveness, the latter arguably being one of Tor’s most important goals: