1). The router only blocks incoming attacks. If a trojan, worm etc gets onto one of the machines on your lan your data (PW, Credit Card#, Soc Sec#, keystrokes, etc) can be broadcast. Or your router can be opened up if it is not password protected. (Change that default.)
2). If one machine on the net is infected then all others are vulnerable too.
How would one machine get infected?
-USB memory stick
-Someone opens up the router DMZ or Ports and lets the world in.