N1ghtstalker: You are, as you suspected, mostly wrong. A properly-configured, secure firewall will prevent people from accessing your shares. (That is not to say that you shouldn't bother turning them off; after all, defense in depth is good.)

If you have taken standard precautions, then 3 risks remain from p2p:
1) The p2p software itself, or rather, the spyware it installs. You're using Kazaa; I hope you meant K++, right? If not, burn Kazaa, and get K++ and Ad-Aware.
2) 0-day worms. The anti-virus people mostly just stop existing viruses. A worm that piggybacked off Kazaa could spread very quickly, so you might be infected before a fix was available.
3) The "justice" system. (If, that is, you live in the U.S.) As mandraketux mentioned, the RIAA is not your friend. They can force your ISP to turn over your real name, then drag your ass into court. They do not need any evidence of wrongdoing to do so. The state will not provide an attorney for you. Your only defense is to look like a small-time operator. You are using K++, right?