Sorry all for the delay of my answer.
@Mlrollin91 Thank you for you advice, I will do what you suggest about 2FA. It's definitely a bit boring to write so many alphanumeric characters with the PC and to wait for an sms every time (also 7-8 times in one day), but it's the only solution.
@FatalFallacy Thank you so much for you explanation: you explained very well what my questions were. I like when someone explain me something technical about my questions. In this way I learn something more on technology without reading tons of text in tons of web pages.
About QR code, I still can't understand why (technically speaking) it offers no more security than a visible password consisting of letters and numbers. A QR code (based on what I've read on the web) is an image with hundreds of pixels that can be ordered with a large number of combinations (pixel on and pixel off) more than 100! (about 1 /10^150 of probability to be discovered); an alphanumeric password with other characters like '/', ';', and so on and with, for example, 10 characters, could have about 1 / 10^20 of probability to be discovered.
Even if a bad person could scan the QR code, decode it to obtain the unique web link for the connection between my iPhone and the PC I use and try to access into the existing connection I've created between my iPhone and the online service provided by Apple and that I use through the PC, Apple service could block/stop the access by the other person (the bad person) in order to allowing only the access between one iPhone (the mine) and the PC I use.
If the bad person uses a different PC than mine to enter inside my connection, the Apple service would discover it because, in Internet, an online PC or device has a unique address (am I wrong? remember: I'm not an expert, I want only to learn more about security, just for curiosity. I don't want to impose my idea, I just want to discuss the problem).
@hwojtek
Indeed also (also) to make phone calls...
Why, if the only person that could use the iPhone app on a desktop is the owner of the iPhone and the same person in front of the PC he is using?
In my question for you I suppose that the Apple service I hypothesize here is the one described above (see my answer to
@FatalFallacy): only one connection between two devices is allowed, not like the current way based on several devices that can be linked to iCloud at the same time (with the current way, that is still very usefull undoubtedly, I could have more than 1 device linked to iCloud, and this thing is a security issue under certain circumstances, for example when I want to be sure that only my iPhone is linked to iCloud. When I receive, by Apple, a notification email about a login performed by an other device, it may be too late and some data may already have been read or copied by unauthorized persons).