Re: Safe for me
There's no auto-run on Linux. It's a safe practice to plug in random USB sticks.
Depends on your enemies.
It's not hard to build a USB stick that charges up a capacitor to hundreds of volts and then releases its charge down the USB signal wires. Exit USB port(s) if you are lucky, whole PC if you are not.
Or the stink-bombs and pyrotechnic devices discussed above. Borderline illegal, but even so ....
The security services and expensive private espionage services are reputed to have USB sticks that will run through a repertoire of system penetration attacks by doing things on the USB bus that no USB stick (or no legitimate USB device) would do. The simplest and most obvious is to emulate a keyboard and/or mouse...
If a random luser can mount a random USB stick then next thing you know he will be opening files with various media players and libraries, all of which can tickle bugs which in turn might result in any data that the random Joe can access being deleted, corrupted, encrypted, or e-mailed to places that they shouldn't be. I wonder how many such bugs are currently known only to the black-hats out there? So even if your system has all the latest patches installed, are you safe from bigboobs.mp3, cute_kitten.jpg, payroll.ods, 00reward_for_safe_return_of_this_memstick.doc, ...
Finally what about a USB stick that works perfectly normally for reading and writing, but also contains a battery, microprocessor, and (non wi-fi) wireless device? Plug in, do full device write, check, reformat, pronounce safe, re-use. Exit whatever corporate secrets you stored on it through the nearest window or wall a few hours or days or months later.
Oh, and in respect of this last one ... how sure are you that the virgin USB sticks you ordered from Amazon or wherever haven't been doctored? Especially if your employer is in a similar line of work to Mossack Fonesca ....
Read Alice in Wonderland again. "Eat me". "Drink me".
Good luck.