The biggest holes in your firewall, generally, are the ones you put there. There are tons of programs that have some form of virus hidden that connects to a server of some sort, be it IRC, a given IP, etc. and sits idle until it's told to do something. Often this is used to "hide" an IP when someone is doing something illegal, and can often route through several machines, or your computer may be used in a DoS attack.
These attacks are prevented if your firewall is not one-way, meaning it allows any outbound connection, but not an incoming. The failure in this situation arises from the fact that this trojan initiated the connection.
Any other opening in a firewall is generally either put there manually or is the result of bad code. But no matter what, never fool yourself into thinking you're secure, unless your computer is completely cut off from a network. And it's as simple as that. The same, obviously, goes for virii as well.
EP, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS