There are two reasons for saying such things. 1. Microsoft itself finds bugs and upgrades it when any such attack is observed. 2. You can easily make such an exception that could lead to a very severe attack.
That depends on the version, but you can find some good articles on firewalls and ethical hacking here.
They say so because a NOOBish ( >.< ) user like me can break into an XP box in minutes, so they say it is awesome S.H.I.T.