sensors, that's true... by default the firewall is very open, but bear in mind there is a powerful IPS engine running behind it, so malicious traffic should be picked up that way.
As Vikram-Kumar said, when we first released SEP we took the approach "block all incoming" but quickly had to change that as people installed the full client onto their servers without doing much research (hey, it was only an "upgrade" from their AntiVirus product after all) and instantly none of their clients could talk to their servers, or, in extreme cases, get IP leases.
As you can imagine, that generated a MASSIVE number of support calls and of course, every single one of them was "our fault". For that reason, the on-high decision was made to change the default ruleset to what you see in the product now. Is it probably too open? Yes, but we are working on that. Our SBE product is already a little better in terms of configuration for the firewall and that will come across to SEP in the next version, along with some better default rules, but we are never going to be able to please everyone out of the box :-)