Many people haven't really got the slightest clue what a firewall is and what it does (or more importantly, doesn't do).
* it doesn't protect you from viruses. The Mac doesn't have any.
* it doesn't protect you from malware/scareware/trickware
* it doesn't make your connection secure
* it doesn't stop people from spying on the stuff you send out over a wireless network
* it doesn't prevent remote hacking into your computer. Your Mac does that, not the firewall.
Here's what a firewall DOES do:
1. It protects against Denial of Service (DoS) attacks. Fairly rare these days, usually directed against websites, not individuals.
2. It can provide a log of computers/IP addresses that ATTEMPTED to sniff your security. Because you are on a Mac, they didn't get anywhere, and wouldn't have even if the firewall was off.
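Point 2 is the one thing on this list that is genuinely useful to a defender: a firewall log tells you which remote addresses keep knocking, even when nothing got through. The script below is an added example, not part of the original post, showing how such a log can be turned into a per-source summary. The log lines are constructed for illustration and only loosely modelled on the format of the macOS application firewall log (the real format may differ); the function names `summarize_blocked` and `top_source` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): summarise denied and
# stealth-mode connection attempts per source IP from firewall log lines.
# SAMPLE_LOG is constructed for illustration; it imitates the style of the
# macOS application firewall log but is not a real capture.

SAMPLE_LOG='Mar 10 12:00:01 mymac socketfilterfw[112] <Info>: Deny sshd connecting from 203.0.113.5:54321 uid = 0 proto=6
Mar 10 12:00:02 mymac socketfilterfw[112] <Info>: Stealth Mode connection attempt to TCP 192.168.1.20:22 from 203.0.113.5:54322
Mar 10 12:00:03 mymac socketfilterfw[112] <Info>: Allow Safari connecting from 192.168.1.30:443 uid = 501 proto=6
Mar 10 12:00:04 mymac socketfilterfw[112] <Info>: Deny nc connecting from 198.51.100.7:40000 uid = 0 proto=6
Mar 10 12:00:05 mymac socketfilterfw[112] <Info>: Deny nc connecting from 198.51.100.7:40001 uid = 0 proto=6
Mar 10 12:00:06 mymac socketfilterfw[112] <Info>: Deny nc connecting from 198.51.100.7:40002 uid = 0 proto=6'

# summarize_blocked: read log text on stdin and print "count ip" pairs,
# most frequent first, for every line that records a denied or
# stealth-mode attempt. Allowed connections are ignored.
summarize_blocked() {
    grep -E 'Deny|Stealth Mode' \
    | sed -nE 's/.* from ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+):[0-9]+.*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk '{print $1, $2}'
}

# top_source: the single source IP with the most denied attempts
# (the address most worth checking against your router or ISP logs).
top_source() {
    summarize_blocked | head -n 1 | awk '{print $2}'
}

# Usage: feed a log (here the constructed sample) through the summary.
printf '%s\n' "$SAMPLE_LOG" | summarize_blocked
printf 'busiest source: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | top_source)"
```

On a real Mac you would replace the constructed `SAMPLE_LOG` with the actual log file; the point of the summary is that repeated denials from one address stand out, while one-off probes (which is what most of a home user's log consists of) do not.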
So, the moral of the story: the software firewall doesn't really do anything to protect you, assist you or help you in real-world conditions. It can, however, conflict with hardware firewalls and cause issues with programs that need to connect to the internet.
Thus, the "best practice" and the way Apple set it are one and the same: leave it off unless you have a very specific reason why you need it on.