I made the assumption that our LIMITED_STRING was enough to prevent any effects of memory corruption, and for that I apologize to everyone.
In the future we wont base any production code on any untrusted user entered field ever again.
In my mind, the most effect the nickname could have had in the map was : Swear word (and we added code to remove those) and length, sorry guys.
In Evolution we will check every outside entry point in the smart contract processor.
I appreciate the candor, and yes not trusting any user input is a great default state.. (intentionally or not User's are most often the cause of systems going awry)
I'll admit I didn't consider special characters having an impact either..