>
> I'm imagining myself walking around broadcasting my photo and MAC
> address while hucksters push payment requests to me for approval


I hate to break it to you, but you broadcast a photo of your face every
time you walk outside ;)

Bluetooth MAC addresses are random, they aren't useful identifiers. If
someone can see you, a face is a far more uniquely identifying thing than a
MAC.

"Payment spam" might be a problem. I can imagine a wallet requiring that
such requests are signed and then spammers can be blacklisted in the usual
fashion so they can't push things to your phone anymore. Anyway, a hurdle
that can be jumped if/when it becomes an issue.