SSJGouKi, there's a security principle called defense in depth - briefly, don't make your security depend on just one piece, but layer different and redundant pieces on top of each other to increase the probability that at least one will protect you.
The theory (and the way it should be) is that your operating system is secure against network attacks. If you're running Windows and not inside MS's PR department, you should know that's not the reality. So rather than trust the OS only, you put a firewall between it and the outside world, an extra layer of defense that supplements the OS's own security mechanisms, in case they fail you.
It is very important that the firewall not REPLACE proper OS security - this leads to an effect known as "crunchy outside, chewy inside" - once you're through the firewall, you're in. The firewall is merely an additional layer.
The other thing a firewall does is add a convenient administrative point to apply policy to the network. For example, controlling just what's allowed in and out. This is not necessarily a security issue, but rather a policy and control issue. It can also be used to do accounting.