1. Can a hacker get between the router and the pc, and intercept the QR Code being send to the user?
Not if you are using HTTPS (which I assume they would be recommending).
2. In a public setting, someone could intercept the login, by scanning the QR Code before the user scan it?
It wouldn't really matter if they did as they don't have the private key needed to create the response QR (which ties into the next question).
3. Do they send different QR codes for every login? {How random is this seed?}
It uses a *nonce* so presumably it will never repeat such a value twice and no future nonce value would be able to be predicted (assuming the server has a good source of entropy).
I had the exact same idea back when I was creating the CIYAM Safe (as it uses QR codes for 100% air-gapped offline security) and I think it is likely to be the future for authenticating.
To make it even more secure if the smartphone was surrounded by a "see through" Faraday cage (which will still work with QR codes) then your authenticating device would be safe from being hacked.