how password in the QRCODE is generated by web.airdroid.com? your server provide to generate QRCode with password asimmetrically or this one is spoofed by the phone? In the first case there could be, by reverse engeenering some one could be able to generate key as the server!! :-\