That depends if the wifi router has a firewall that is also activated.
Just type in the gateway's ip into the browser and check out the router settings.
I guess it is deactivated because it takes a bit of extra work to configure. After all computer idiots are freaked out by any popup and with an active firewall there are a few of those "do you allow app xy access".
They probably should do it like Windows and tell the user properly to activate it or at least think on it a second.
Technically you need a firewall on OSX just as much as on Windows. Yet there are very few attacks that target any osx service and thus you are fairly save unless there is anybody who specifically attacks you. On Windows there are worms that do harm but are so easily blocked by a simple firewall. Still a firewall just blocks some stuff but an attacker still requires some listening service that well listens and can be corrupted to do any harm. Hacking computers is not as straight forward and always possible as they make it look like in movies. Where the genius can hack anything in a rather short time with his notebook and web access. You can set up a linux server that is impossible to hack for the best of the best computer geniuses but it is a rather stripped down thing. The more stuff an os can do, the more apps are installed, well everything adds potential holes that can be exploited.
I think the most use of a firewall on the os level for the normal users is to make them aware of what apps access the web and offer a little bit of control. If there is the odd app that should only do something locally but asks for web access you can block it and whatever it might do with its access is blocked. It is one way that could prevent spyware and bot nets if people took a little care.