When scanning the QR code there is still a missing user interface which is not yet accounted for. While technically it doesn’t affect the WalletConnect standard, it should be documented as a best practice. Just like OAuth you are informed of the permissions that are requested and the name of the third party, prompting the user to approve or reject this “connection”. Example with Twitter OAuth:
With WalletConnect, the user should be prompted after scanning the QR code to allow certain accounts and approve the connection. I think something similar to what MyCrypto does with mnemonic phrases would work.
Alternatively, the best practice could be to simply display the Dapp name and request user’s approval for the already selected account on the mobile wallet. Perhaps add some advanced options for selecting other accounts or multiple accounts.