While Arduino Strings on AVR are very very safe, even when they run out of memory, (see my tutorial on Taming Arduino Strings )
there are two statements that can cause memory corruption
str += str; // concat str to itself (Edit)
and
statements like
String(1.0,40); // and similar were result exceeds the local buf[33]
These have been fixed in this version of WString.cpp for AVR boards.
A pull request has been created on the Arduino AVR core.
Edit - New development of String takes place on GitHub - arduino/ArduinoCore-API: Hardware independent layer of the Arduino cores defining the official API
In that code there are fixes for these two issues. So the pull request was closed.
BUT.. both these issues have been known for some time and not fixed so you may need
Edit - While waiting for the ArduinoCore-API to be released you need
to apply the fix yourself by replacing the WString.cpp in arduino ...\hardware\arduino\avr\cores directory with the revised one above.
OR
Given how obscure the bugs are you could also just ignore this fix and just don't use
str += str; // i.e. don't try to double str by adding it to itself (Edit)
and don't create Strings from large floats with lots of decimal places specified.