If the capabilities of a subkey indicate that it's suitable for multiple slots of an OpenPGP card, then Kleopatra asks which slot to use. In case of a sign+auth subkey, it offers the Signature key slot (OPENPGP.1) and the Authentication key slot (OPENPGP.3). The Encryption key slot (OPENPGP.2) is not offered.
Erroneously, Kleopatra then uses the (1-based) index of the selected slot (i.e. 2 if the Authentication key slot is chosen by the user in the above example) as the slot to write the key to. In the example, that would be the Encryption key slot OPENPGP.2. If the card slot already contains a key, then an attentive user will notice that Kleopatra asks whether the existing encryption key should be overwritten. Additionally, the note "It will no longer be possible to decrypt past communication encrypted for the existing key." should raise the alarm if one tries to copy an authentication key to a smart card. It's still a serious bug that could lead to the loss of an encryption key.