DMZ is NOT safe at all.
What DMZ does is when it is turned on, ALL data that is sent to the router is then forwarded on to that computer regardless of whether it is meant for it or not (the data does go to the computer it is meant to go to also). That computer that is the DMZ'd computer, then can use that data however it is set up to use it (so servers can be set up for this if you don't want to play with port-forwarding on the router).
Now, yes you can use software firewalls then on the computer, but the problem is that a router uses NAT to address the computers within the local network. Now, NAT provides a huge security advantage as you cannot easily connect to a computer past the router from within the Internet (read how NAT works).
With a DMZ, it means that someone can easily gain access to the DMZ'd computer as there is no need to worry about NAT as all traffic goes directly to that computer.
So it is generally advisable NOT to put a computer in the DMZ. Always use port-forwards instead, as that way you choose which traffic goes where, rather than completely opening up the security on your router.
Anyway, thats the basics of it. Yes it is a huge risk.