A common security goal is to reduce the attack surface: the amount of "stuff" that you have to monitor and maintain and track and keep updated. To close all possible ports, and to secure access.
This also isn't only about what might be wrong with AFP or SMB or another protocol (now), it's about what might be found wrong (in the future). And how fast that knowledge might spread; vulnerabilities can be nasty, and botnets are perpetually testing exposed servers, and variously ahead of the patches from the vendors.
As should be clear from the other thread, exposing one of my core file systems to direct attacks is not something I typically prefer to implement. VPNs are easy (particularly with an external gateway) and (while very far from a panacea) can help keep more ports plugged.
This port-level discussion is just one part of the whole; of having good and tested backups, of appropriate internal security controls and auditing, of certificates in preference to (or in addition to) user-selected passwords, of access revocations, data encryption, and of finding your core data and protecting that.