You are probably not the first to hit the wall with this but one of the first to go too deep into it... The others - we just shout words I can't repeat publicly in the forum
and try to fit in. QT has developed this already in a certain way - it doesn't matter if they went too far, or their QSA is wrong and make them do it, or it is in reallity required to be that way.... I don't see QT changing how X-Payments works and one of the reasons will be cost - every time they make changes in the way X-Payments works, add/remove/modify payment methods they have to recertified the module - it's costly and takes time
To be fair it is not only QT's fault but also their QSA, PCI-DSS requlations, VISA/MC, scan vendors, banks, etc. you name it. In some areas this is so broad that you can get 100 opinions on it and how it is supposed to work so everyone involved can just interpret it the way it serves them better...
Anyway - bugs and poor design flow - that's all QT. One thing to remember also - QT are developers, coders, they are not desingers.