The risk is from anywhere that can reach the Samba ports on the A+. That's usually inside/private network only, which is a risk if any of your hosts *could* be compromised, such as a friend's laptop when they come over to play games.
Based on the vintage of Almond+'s filesets, I would say this is probably low priority. A+ is not an OpenWRT build with packages added. It's a complete fork, with most versions dating from 2011-2013. Since Securifi forked Openwrt, it won't be a matter of just refreshing source and applying packages. They'll have to reproduce a lot of the dev effort that happens on the opensource community to upgrade packages.
There's only so much dev effort, and they're still working on basic functionality.
If you wanted to build the package yourself, this was fixed in Samba 3.6.25 from 2015-02-23:
https://www.samba.org/samba/security/CVE-2015-0240 .
OpenWrt included this in Barrier Breaker 14.07 r44516 on 2015-02-24:
https://dev.openwrt.org/changeset/44516The Barier Breaker packages won't run on the A+, so you'll probably want to start with the A+ GPL code bundle from
http://firmware.securifi.com/gpl/AP2-GPL.tar.gz .
There might be compatibility with packages built for Backfire 10.0.3.1, but I couldn't find anywhere that maintains backports for that.
There's more info about building on OpenWRT at:
http://wiki.openwrt.org/doc/packages