First off, this is an awesome looking project weex. Thanks.
As I get it - you tell blockchain.info an address where they should forward all payments and the users just get one-time addresses from blockchain.info so they can be distinguished from each other. Right?
Why not use BIP32 instead? This would also create a LOT of unique addresses, but you can keep the main key to yourself (even offline).
Also a bitcoin URI might be nice for people with desktop clients additionally to that QR code.
Is it possible to withdraw as well, or is this rather a one way money sink?
+1 for BIP 32, this would be a great use case for BIP 32 and a great place to show it off (both of these are also true for any website that needs any real speed generating keys without trusting the server with the private key).
https://en.bitcoin.it/wiki/BIP_0032 - Short version: Using math to generate keys in a deterministic fashion. More private or public keys can be generated from an extended private key, and more public keys can be generated from an extended public key. The server can make new addresses on the fly without any sensitive information.
I would assume this would usually be one-way, though bi-directional exchange would be an interesting way to reward people, although a certain exchange rate would have to be picked and may need to be changed each time someone withdrawals. And since forum points are usually unlimited while money is not it may be hard to balance.