I just ran into this same problem while installing PCLinuxOS 2010.10 XFCE. I see a bit of a security hole here, but perhaps I am being overly paranoid.
Between the time that you connect to the internet in order to perform those re-installs (see above) to the time that the firewall is running, you may be wide open to any number of exploits over the Internet. But, again, maybe I misunderstand the exact inner workings of this system. Please clarify if so. If not, then there is a (albeit possibly) short window of vulnerability to be concerned with.
I have installed 2010.1 and 2010.7 several times due to various strange phenomenae, not all of which are necessarily related to security breaches. However, my system was not otherwise protected during those installs, which likely means that it was vulnerable. Perhaps at least some of my stability issues are related, particularly the one I posted recently about some klog messages "penetrate" which I cannot find the source of.
This time, installing 2010.10, I am sitting behind my trusty ipcop firewall machine, which I re-added to my "network" after the last install when I discovered that shorewall did not properly work. I am hoping that I may find fewer problems this time. But time will tell.
At any rate, this certainly seems like a serious security problem, and could leave new PCLinuxOS users with the wrong impression and drive them away to other distros. Again, unless I misunderstand something.