In bash, the OS-enforced limitation on command-line length which causes the error argument list too long is not applied to shell builtins.
This error is triggered when the execve() syscall returns the error code E2BIG. There is no execve() call involved when invoking a builtin, so the error cannot take place.
Thus, both of your proposed operations are safe: cmd <<< "$string" writes $string to a temporary file, which does not require that it be passed as an argv element (or an environment variable, which is stored in the same pool of reserved space); and printf '%s\n' "$cmd" takes place internal to the shell unless the shell’s configuration has been modified, as with enable -n printf, to use an external printf implementation.