Permissions issues. You need to deny access to non-domain users. That is all. The server has an IP so it will be visible to workgroup machines, or any system for that matter unless you are running a complicated firewall / router setup.
thanks for response - so why is it bad to allow access to non-domain users?
the majority of my (inherited) users are on XP home, which obviously don't join a domain (legitimately), and upgrading them all to 7 pro will be quite an expense
it will happen, but not right away
anything i should be wary of?