Sunday, February 21, 2010

Windows 7's SoftAP risk

Here's a nice feature that can be a gotcha for Windows 7 WiFi users. Windows 7 has a new feature called "SoftAP". This works like the Internet Connection Sharing feature, but you share your wireless connection instead of your wired connection. When you're connected to a WiFi access point, your laptop becomes an access point itself, broadcasting itself so you can share your wireless internet connection with a friend, or your WiFi mobile device.

Although it's good that Windows forces you to set WPA encryption for this feature, users have to be careful to set a strong password, and to disable this feature when not using it. Otherwise, it becomes easy for an attacker to use your wireless access to get into your internal corporate or home network.

From the corporate IT perspective, this means that every laptop is a potential rogue access point, and since SoftAP does IP address translation, an attacker's traffic would look like yours, making it hard to detect.

Home users won't use SoftAP much, since their devices will connect to their home wireless anyway. Someone going to an airport or hotel, on the other hand, where they paid for a single connection to the wireless network, would gladly use it so they can easily get several devices online at once sharing the same connection. If you use it, set a strong WPA password, use WPA2 if possible, and turn off the SoftAP feature when finished.

Corporate IT departments may want to disable SoftAP entirely, using Group Policy settings. To detect SoftAP use on the network, companies may need to deploy wireless intrusion detection.
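For checking a single laptop, the following is an added example (not from the original post) that reads the SoftAP state with `netsh wlan show hostednetwork` and can turn the feature off. It uses `netsh` rather than Group Policy, and it assumes English-language output with the field names shown; the `-Remediate` switch and the function name are hypothetical.

```powershell
# Added example: audit (and optionally shut down) the Windows 7 hosted network (SoftAP).
# Assumption: English-language netsh output with the field names used below.
param([switch]$Remediate)   # hypothetical switch name

function Get-HostedNetworkState {
    param([string[]]$NetshOutput)
    $state = @{}
    foreach ($line in $NetshOutput) {
        # Fields look like "    Mode                   : Allowed"
        if ($line -match '^\s+(.+?)\s+:\s+(.*)$') {
            $state[$matches[1].Trim()] = $matches[2].Trim().Trim('"')
        }
    }
    return $state
}

$state = Get-HostedNetworkState -NetshOutput @(& netsh wlan show hostednetwork)
if (-not $state.ContainsKey('Mode')) {
    Write-Output 'No hosted network settings reported (no WLAN service or capable adapter).'
    return
}

$allowed = $state['Mode'] -eq 'Allowed'
$started = $state['Status'] -eq 'Started'
$format  = 'Mode={0}; Status={1}; SSID={2}; Authentication={3}; Clients={4}'
Write-Output ($format -f $state['Mode'], $state['Status'], $state['SSID name'],
    $state['Authentication'], $state['Number of clients'])

if ($started) {
    Write-Warning 'This machine is currently acting as an access point.'
} elseif ($allowed) {
    Write-Warning 'Hosted network is allowed and can be started at any time.'
}

if ($Remediate) {
    # Run from an elevated prompt; changing the mode is an administrative action.
    if ($started) { & netsh wlan stop hostednetwork | Out-Null }
    if ($allowed) { & netsh wlan set hostednetwork mode=disallow | Out-Null }
    Write-Output 'Remediation commands issued; re-run without -Remediate to confirm.'
}
```

A non-zero "Clients" count while the status is "Started" means other devices are sharing the laptop's connection at that moment.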

Errata Security has a good writeup about SoftAP and some thoughts about the risks.