Security – How could PSBT handle the data capacity limit of QR code?

A QR code has a very limited data capacity. According to Wikipedia, a single QR code can only contain <3 KB of binary data.

It's not uncommon for a PSBT to reach this 3 KB limit, especially for those who spend non-SegWit UTXOs.

SegWit offers the possibility to sign input values. However, to sign non-SegWit entries in the offline / hardware wallet, complete data from previous transactions is still required to validate the input values. Otherwise, it could be a security issue: A malicious party / malware could secretly manipulate the submissions to trick the user into paying an unexpectedly high amount.
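The check that makes the complete previous transaction necessary, as an added example that is not part of the original question: the signer hashes the supplied previous transaction, compares it with the txid in the outpoint being spent, and only then trusts the output amount. The function names and the sample transaction are constructed for illustration, and the parser assumes a well-formed legacy (non-witness) serialization.

```python
import hashlib

def hash256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def read_varint(buf, pos):
    n = buf[pos]
    if n < 0xfd:
        return n, pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[n]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def output_values(raw_tx):
    """Return the output amounts (satoshis) of a legacy-serialized transaction."""
    if raw_tx[4] == 0:  # 0x00 marker byte means witness serialization
        raise ValueError("witness serialization is not handled in this sketch")
    n_in, pos = read_varint(raw_tx, 4)               # 4 = skip version
    for _ in range(n_in):
        script_len, pos = read_varint(raw_tx, pos + 36)  # skip outpoint
        pos += script_len + 4                        # scriptSig + sequence
    n_out, pos = read_varint(raw_tx, pos)
    values = []
    for _ in range(n_out):
        values.append(int.from_bytes(raw_tx[pos:pos + 8], "little"))
        script_len, pos = read_varint(raw_tx, pos + 8)
        pos += script_len                            # scriptPubKey
    if pos + 4 != len(raw_tx):                       # only locktime may remain
        raise ValueError("malformed transaction")
    return values

def verified_input_amount(prev_tx, outpoint_txid, vout):
    """Amount of the spent output, trusted only if prev_tx hashes to the outpoint txid."""
    if hash256(prev_tx) != outpoint_txid:            # txid in internal byte order
        raise ValueError("previous transaction does not match the outpoint")
    values = output_values(prev_tx)
    if vout >= len(values):
        raise ValueError("outpoint index out of range")
    return values[vout]

def build_sample_prev_tx(amount):
    """Constructed sample: one input, one P2PKH-shaped output, not a real transaction."""
    tx_in = bytes([0x11]) * 32 + bytes(4) + b"\x00" + b"\xff" * 4
    script = bytes.fromhex("76a914") + bytes(20) + bytes.fromhex("88ac")
    tx_out = amount.to_bytes(8, "little") + bytes([len(script)]) + script
    return (1).to_bytes(4, "little") + b"\x01" + tx_in + b"\x01" + tx_out + bytes(4)
```

Because the amount is part of the hashed bytes, a previous transaction with an altered output value no longer matches the outpoint txid and is rejected before anything is signed.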