Until someone install something else on the network segment. Like a wireless access point. Or until malware takes over one of the trusted hosts.
Security vulnerabilities always involve violations of some assumptions you make, e.g. that anything coming from a certain set of hosts is benign, or that if a process on a server opens up an IP port it's *supposed* to do that. You want the security of a system to depend on as few assumptions as possible. If it does no harm in day to day operations and offers protection when your assumptions fail, why *not* run a software firewall?