Cisco PIX boxes still aren't the be all and end all of firewalls.
To repeat: Any firewall, unless you set it up properly, is insecure. This includes PIX firewalls.
I've got an OpenBSD machine I use as my "firewall" - it's got very few open ports (less than the fingers on one hand), and OpenBSD is a
very secure OS (Only one remote hole in the default install, in more than 7 years). I consider that to be "good enough" for my purposes.
Given OpenBSD's security record, I feel that I can discount the "firewall getting hacked" possibility and concentrate on just the packet filtering job of the firewall.
And, just for fun, I did a quick google search for you, -Anders:
A year-ish old vulnerability report from Cisco on their PIX firewalls. Everything has holes. Everything.