To make it safe you should probably NOT remove it, essentially allowing any GUA to serve as your DHCP
However, while the XFinity configuration is strange, it's not prohibited by RFC. To make it secure, do not remove the `src-address=fe80::/10`; instead change it to `dst-address=fe80::/10`. This essentially ensures that only a relay with an LLA can provide DHCPv6. Since LLAs aren't routable, anyone outside of your local link cannot spoof and deliver you a packet with a dst carrying an LLA and mess with your link. If this is confusing, read more on IPv6 address types: https://www.networkacademy.io/ccna/ipv6/ipv6-address-types
Thus, the full rule will be:
/ipv6/firewall/filter add chain=input action=accept protocol=udp dst-port=546 dst-address=fe80::/10 comment="defconf: accept DHCPv6-Client prefix delegation."
In addition, enabling RA on untrusted WAN links you don't control, as suggested in http://forum.mikrotik.com/t/looking-for-help-debugging-ipv6-issue-with-xfinity/170749/1, is less than ideal. While it does work, it relies on the weak security assumption that Comcast configured their network properly with respect to RA filters. I wouldn't count on that.
Instead you can simply manually add a blind static default route via WAN interface:
/ipv6/route/add disabled=no dst-address=::/0 gateway=ether1 routing-table=main
That's it - no adding ND, no enabling RA, no opening the firewall to any DHCPv6 server out there.
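An added illustration, not part of the post above or of RouterOS itself: a small Python evaluator for the match keys used in these rules, run over constructed packets, to show why the `dst-address=fe80::/10` form works for a relay that sends from a GUA while still dropping traffic routed in from off-link. The packet addresses are made-up documentation-prefix values, and the "original" rule is the default-config line with `src-address` as the post describes it.

```python
import ipaddress
import shlex
from dataclasses import dataclass


@dataclass
class Packet:
    src: str        # IPv6 source address
    dst: str        # IPv6 destination address
    protocol: str
    dst_port: int


# The three rule variants discussed in the thread.
ORIGINAL_RULE = ('/ipv6/firewall/filter add chain=input action=accept protocol=udp '
                 'dst-port=546 src-address=fe80::/10 '
                 'comment="defconf: accept DHCPv6-Client prefix delegation."')
HARDENED_RULE = ORIGINAL_RULE.replace("src-address=fe80::/10", "dst-address=fe80::/10")
OPEN_RULE = ORIGINAL_RULE.replace(" src-address=fe80::/10", "")  # address match removed entirely


def parse_rule(rule: str) -> dict:
    """Split a RouterOS-style 'key=value ...' line into a dict; quoted values stay whole."""
    fields = {}
    for token in shlex.split(rule):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def rule_matches(rule: dict, pkt: Packet) -> bool:
    """True when the packet satisfies every match criterion present in the rule."""
    if rule.get("protocol", pkt.protocol) != pkt.protocol:
        return False
    if int(rule.get("dst-port", pkt.dst_port)) != pkt.dst_port:
        return False
    for key, addr in (("src-address", pkt.src), ("dst-address", pkt.dst)):
        if key in rule and ipaddress.ip_address(addr) not in ipaddress.ip_network(rule[key], strict=False):
            return False
    return True


def accepted(rule_text: str, pkt: Packet) -> bool:
    rule = parse_rule(rule_text)
    return rule.get("action") == "accept" and rule_matches(rule, pkt)


# Constructed packets (2001:db8::/32 is the documentation prefix, not real addresses).
RELAY_VIA_GUA_SRC = Packet("2001:db8:ffff::1", "fe80::1", "udp", 546)      # relay using a GUA source, as on Xfinity
OFF_LINK_TO_GUA = Packet("2001:db8:bad::1", "2001:db8:1::1", "udp", 546)   # routed in from elsewhere, aimed at our GUA

if __name__ == "__main__":
    for name, rule in [("original", ORIGINAL_RULE), ("hardened", HARDENED_RULE), ("open", OPEN_RULE)]:
        print(name, accepted(rule, RELAY_VIA_GUA_SRC), accepted(rule, OFF_LINK_TO_GUA))
```

Only the hardened rule accepts the relay's reply while still refusing the off-link packet; the open rule accepts both.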