I think firewall is a bit overkill. My advice would be to just use normally. I do. I DON'T install apps from shady sources, I just use the official Market. I have a few dozen apps installed, and I clicked through the permission screen mindlessly, yes. Why? Almost every app needs network access, after some time I got bored reading through the list of permission they require.
BUT - the apps I install are well established apps with overwhelmingly positive reviews (based on a large number of reviewers). That's basically it - just use common sense.
And yeah, I enabled geolocation - not allowing it doesn't make me any safer. The information is NOT shared with the world by default, but it helps with weather apps, and targeted ads in the few ad supported apps I have. And I do prefer those to random shit from accross the world... So, as I said, just use it, the Market is pretty safe, but don't install just released apps mindlessly (you won't need to anyway, the quality of apps in the market has increased dramatically since I started using my Nexus last August).
That said, I never ever do anything like online banking on my phone. I have a PC and a Laptop (well, slate actually) for that. I entered my password for sync (gmail/picasa/calendar/etc) when starting up the phone the first time. So even if some app installs a secret keylogger (very very unlikely with the above common sense measures) what can they get? My text messages? I'm not in the habit of writing lenghty emails on my phone either... So never type sensitive passwords (banking, cc numbers, passwords) - and that's about it. If you need apps that want some password (Skype, YM, whatever) install them first before installing anything else. And just enjoy your phone, don't be too paranoid - I'm very very satisfied with my Nexus (ran cyanogenmod for some time, but switched back to stock, running Gingerbread 2.3.3 now + Go Launcher) - it's a very well built, sturdy little thing.