Unless he has a firewall, people can get a ton of information about him and his computer through a Null Session. There's also a lot of stuff open, listening for connections, which is never secure. Having stuff running (listening) that you don't know what it does is never a good idea.
They can get the file names of files in the root directories of my hard disk partitions. Beyond that, I have file permissions set. Root files have read-only access to Everyone.
When I reformat, I turn off DMZ to my machine until I get it patched. Running SP1a or SP2, I've never had a problem. I don't even run Windows firewall.
On a sidenote, make sure the newest patches are applied. There's exploit code out for another SMB vulnerability which can explode if somebody creates a worm from it.