Physical access is the first breach in security, no matter what system used.
Yes, the password will be encrypted, but that will not safe your data from being read if somebody has physical access if the data is unencrypted.
If you actually use encryption, yes, if not, no.
None by default, the best protection is always “brain 1.0 or higher”, software does not solve the main poroblem about malware, the (most times dumb acting to get infected) user.
Yes there is a “basic firewall” and no it does not let you configure which programs are not allowed to contact the net.
The reason is simple, although “personal firewalls” claim and pretend to do that, it does not work and makes no sense at all.
If you don’t trust an application, simply don’t use it.
If configured correctly, there is not even the need for a firewall, especially on a desktop system.
There is AppArmor but it is not easy to configure, however, configured correctly it may help “restricting” certain applications, still, simply not using them is the easier and much more logical way.
The main key to security is the user, not some fancy software telling you “you are secure now”.
Security is a concept, not a piece of software.