I have a non-domain joined Win 10 computer which accesses shares on a domain joined Win 2016 server. At first connection with one of these shares, the Win 10 client is challenged and I supply domain credentials. Everything works as expected.
If I understand this correctly, a connection in this scenario will use NTLM rather than a more secure protocol such as Kerberos. Is this assumption correct? I have a valid use-case for this computer not to be joined to the domain, but would like to avoid using NTLM due to hacking tools such as Mimikatz. Are there any best practices to ensure non-domain joined computers can securely access shares on a domain?
Yes, that is the case, though there are reasonable steps you can take to make NTLM authentication ...less risky. (But not risk free.)
Use long passwords
NTLM passwords are still digested using a relatively weak hashing scheme, with 8-character passwords being reasonably crackable in approximately 2-3 hours. (Source 1, Source 2) The traditional advice was to use passwords at least 14 characters long, though that no longer stands, because since Windows 2000 passwords are no longer digested in 7-character chunks, so essentially password length comes with linear benefits now. (Source) 14 isn't an unreasonable length to start with, though.
Enforce use of NTLM version 2
You can use Group Policy Objects in your domain to enforce this on domain members if you haven't already, though on your non-domain computer you can use the Local Security Policy to set the same setting. You'll want the "Send NTLMv2 response only, refuse LM & NTLM" option. That being said, when the two computers talk, if only one of them (e.g. your non-domain computer) outright refuses LM and NTLMv1, the other computer will be forced to use NTLMv2 anyway, so you can safely apply this change to just your non-domain computer. This will only fail if the domain computers are configured to not support NTLMv2, but that's just outright daft.
On your non-domain computer you can do this as follows:
There are of course plenty of other security options you can configure around this one to enforce use of only the toughest connections, though from what I've seen Windows 10 already had good values defined for most of them.
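The Local Security Policy option the answer refers to ("Send NTLMv2 response only, refuse LM & NTLM") is stored in the registry as the LmCompatibilityLevel value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, where level 5 is that option. The script below is an added example, not code from the answer above; it reports the current level on the non-domain client and raises it to 5 if it is lower. It assumes it is run from an elevated PowerShell prompt on the Windows 10 client, and the level names are taken from the corresponding Local Security Policy drop-down.

```powershell
# Added example: audit and enforce NTLMv2-only authentication on a
# non-domain-joined Windows 10 client. Run from an elevated prompt.
# The registry location and value name are the documented backing store
# of the "Network security: LAN Manager authentication level" policy.

$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'LmCompatibilityLevel'
$Target    = 5   # "Send NTLMv2 response only. Refuse LM & NTLM"

# Human-readable names for the six possible levels, matching the
# Local Security Policy drop-down entries.
$LevelNames = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmCompatibilityLevel {
    # When the value is absent Windows applies its OS default, so report
    # $null rather than inventing a number; the caller treats it as "not set".
    $item = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-LmCompatibilityLevel {
    param([Parameter(Mandatory)][ValidateRange(0,5)][int]$Level)
    # REG_DWORD is the type the policy editor writes, so we use the same.
    Set-ItemProperty -Path $LsaKey -Name $ValueName -Value $Level -Type DWord
}

$current = Get-LmCompatibilityLevel
if ($null -eq $current) {
    Write-Host "$ValueName is not explicitly set (OS default applies)."
} else {
    Write-Host ("Current level: {0} ({1})" -f $current, $LevelNames[$current])
}

if ($null -eq $current -or $current -lt $Target) {
    Set-LmCompatibilityLevel -Level $Target
    $after = Get-LmCompatibilityLevel
    Write-Host ("Set level to {0} ({1}). A reboot or sign-out may be needed before LSA picks it up." -f $after, $LevelNames[$after])
} else {
    Write-Host 'Already at the strictest level; nothing to do.'
}
```

Running this on the client alone is enough for the reason the answer gives: once the client refuses LM and NTLMv1, the server has to complete the exchange with NTLMv2 or fail. After changing the level, reconnect to the share and confirm access still works; if it does not, the server side is the place to look, not the client.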