dylan said:
My understanding is that the firewall keeps out hackers. Without one someone who knows macs could access your information. Particularly if you aren't passworded.
Ok, if you aren't behind a router or other hardware firewall, and you have no password on your account, AND you turn on filesharing or remote login, the software firewall isn't going to do you a bit of good one way or the other--your Mac will have the relevant ports open, and there's nothing stopping somebody from just popping in to do whatever they want.
Roughly equivalent to leaving your front door wide open on a busy street in a bad neighborhood. Heck, if you have that setup, you're essentially inviting visitors in--it could barely even be considered hacking.
In simple terms, if you turn off all sharing services, turn on the firewall, and turn on stealth mode, your computer will be pretty much secure and there's no measurable performance difference. The only disadvantage to this is if you're trying to use some software--BitTorrent, for example--that needs to accept incoming requests for information. Surfing the web, getting email, etc, is different--in those cases you're the one asking for the information, so it works fine with or without a firewall.
If you want a more technical description:
All the OSX firewall does is block incoming connection attempts to ports that you haven't specifically opened. This would protect you from an unknown vulnerability in some particular service (even if the service was vulnerable, whatever port it's listening to isn't accessible from the outside), or from a malicious and/or insecure application that is listening to some port but not smart enough to open it.
In theory, so long as there's nothing wrong with the OS and you're not running any untoward applications, you don't technically need the firewall on--the firewall just protects you from security problems you don't know you have yet (unpatched vulnerabilities, that is). That said, it's a very good idea to turn it on for exactly that reason.
Turning on Stealth Mode takes it a step farther--that means that your computer doesn't just say "no" when something tries to talk to it, it doesn't even respond. So, in effect, if you have no services enabled, your computer is invisible--it gives no indication from incoming requests that it even exists. Now, if you have any services turned on (file sharing, for example), then your computer WILL respond to that port, so it doesn't do you much good--it protects you from nasty things casually "pinging" random addresses looking for computers to mess with, but if something/one is portscanning your address, it will get a response when it eventually hits the open port, so it'll know you're there. At that point, your security is only as good as your password.
And that applies to every situation outside of a hardware firewall/router: If you have any sharing services turned on, your security is only as good as your password.
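Added example (not part of the original post): a small Python self-audit that separates the three answers described above, a service that accepts the connection, a host that says "no", and a host that does not respond at all. The port numbers are the usual defaults for Remote Login and File Sharing and are an assumption, as are the function names.

```python
import socket
import sys

# Usual default ports for the sharing services the post mentions (assumed defaults).
SHARING_PORTS = {22: "Remote Login (SSH)", 445: "File Sharing (SMB)", 548: "File Sharing (AFP)"}

def probe(host, port, timeout=1.0):
    """Classify how `host` answers one TCP connection attempt."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"         # a service accepted the connection
    except ConnectionRefusedError:
        return "closed"       # the host answered "no" (TCP reset)
    except socket.timeout:
        return "no reply"     # dropped silently, as stealth mode does
    except OSError:
        return "unreachable"  # routing or other network error
    finally:
        sock.close()

def verdict(results):
    """Summarise a {port: state} map in the post's terms."""
    states = set(results.values())
    if "open" in states:
        return "exposed"      # security is only as good as the password
    if "closed" in states:
        return "visible"      # nothing to log in to, but the host reveals itself
    return "silent"           # no response at all

def self_check():
    """Constructed local demo: probe a listening port, then the same port closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    return while_listening, probe("127.0.0.1", port)

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print("self-check:", self_check())
    results = {p: probe(host, p) for p in SHARING_PORTS}
    for p, state in results.items():
        print(f"{SHARING_PORTS[p]:<20} port {p:<4} {state}")
    print("verdict:", verdict(results))
```

Connections to 127.0.0.1 do not pass through the inbound firewall, so to see its effect run this from a second computer you own on the same network, passing your Mac's address as the argument.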