Most hardware firewalls only provide inbound protection, not outbound. Connections originating from your system will be able to get back into your system without a second glance from your firewall, as the request originated from your system.
You only have to browse the viruses and worms forum to see that many are already in your house; they have already got past your firewall and AV. The first people know is when they try to get outbound connections to malicious sites and Avast alerts.
So outbound protection is nonetheless important; to use your analogy, OK, the thief has got in, but you want to catch him and not let him out to continue his criminal activity.
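The behaviour described in this post, as an added example that is not part of the original post: a toy model of a connection-tracking firewall, run once with no outbound policy and once with an outbound allowlist. The class, function names, addresses and ports are all constructed for illustration and do not represent any particular product.

```python
from collections import namedtuple

# direction: "out" = LAN -> Internet, "in" = Internet -> LAN
Packet = namedtuple("Packet", "direction src sport dst dport")

class StatefulFirewall:
    """Toy connection-tracking firewall (illustrative model, not a real product)."""

    def __init__(self, egress_allow=None):
        # egress_allow=None models an inbound-only firewall: all outbound passes.
        self.egress_allow = egress_allow
        self.flows = set()    # connections opened from the inside
        self.alerts = []      # outbound attempts blocked by the egress policy

    def handle(self, p):
        if p.direction == "out":
            if self.egress_allow is not None and (p.dst, p.dport) not in self.egress_allow:
                self.alerts.append(p)   # this is the signal that something is already inside
                return "DROP"
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW"
        # Inbound passes only as the reply half of a flow opened from inside.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ALLOW"
        return "DROP"

# Constructed sample traffic (RFC 1918 host, RFC 5737 documentation addresses).
HOST, SITE, UNKNOWN = "192.168.1.20", "198.51.100.7", "203.0.113.66"
TRAFFIC = [
    Packet("in", UNKNOWN, 4444, HOST, 445),       # unsolicited inbound
    Packet("out", HOST, 50000, SITE, 443),        # user browsing
    Packet("in", SITE, 443, HOST, 50000),         # reply to the browsing
    Packet("out", HOST, 50001, UNKNOWN, 8080),    # program already inside calls out
    Packet("in", UNKNOWN, 8080, HOST, 50001),     # reply to that call
]

def run(firewall):
    """Return the verdict for each packet in TRAFFIC, in order."""
    return [firewall.handle(p) for p in TRAFFIC]

if __name__ == "__main__":
    print("inbound-only:", run(StatefulFirewall()))
    print("with egress :", run(StatefulFirewall(egress_allow={(SITE, 443)})))
```

With no outbound policy the last two packets pass unnoticed; with the allowlist they are dropped and the attempt is recorded in `alerts`.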