For the last year, mIRC now holds roughly(!) 4000 bytes of data in strings/variables/results-- this limit is not universal across mIRC, though I believe this is now the limit for DLLs. If not, ~900 should work.
would it be safe for me to free() the memory `data` points to and point it to some memory I've allocated myself?
No, it would be extremely unsafe for you to do that.
The char *data is pre-allocated and managed by mIRC. It is used after the dll call to read results, specifically:
strcpy(data, "/echo -a hello world");
return 2;
If you free()'d data, mIRC would crash, either by attempting to read invalid memory or by free'ing already-deallocated memory.