I don't know who recommended you turn off your firewall just because you have a router.
For as long as I can remember, the standard operating procedure with regard to firewalls as promulgated in these forums and their predecessor MacFixIt Forums has been to turn on and configure the router's hardware firewall, and to turn off the firewall provided by the OS. As tacit explained, the rationale was and still is that two sequential firewalls don't provide extra security, but may cause various problems, the least of which can be unnecessary delays when surfing the web. Selecting the hardwired router firewall is generally considered preferable over the software-only version of the OS.
That said, this does not necessarily apply to situations outside of your home setup, where you use an unknown router with equally unknown firewall settings. In those cases, you may choose to enable your OS firewall anyway, as long as you understand that you may run into access issues caused by interference of the two sequential firewalls. Here too, configuration specifics are important.
Public WiFi is inherently insecure, because traffic between WiFi hotspot and client can easily be monitored by third parties. Since this traffic is frequently not encrypted, sensitive data may be exposed to malfeasants. When you only need to surf the web without exchanging sensitive data, public WiFi is probably OK. But the secure use of email (where password exchange occurs transparently and unnoticed simply by using your preconfigured email client) and online account access (requiring passwords and/or credit card numbers) requires a VPN type of connection.
VPN services are not usually free, but there are affordable options, from temporary/timed to continuous. They have the additional advantage of thwarting the use of so called '
supercookies' which are increasingly stalking both smart phone and home computer users.
