Assuming that your Pocket PC is connected to your regular PC via the cable on the cradle, and the regular PC is behind a firewall, then your Pocket PC has exactly the same protection as your regular PC.
However, if you have a WiFi connection, infrared, or BlueTooth connection, then anything within broadcast range can bypass the regular PC and talk directly to the Pocket PC, so you could be in danger.
Now you have to look at the other side of things: what if you didn't have a firewall, what could someone pinging your Pocket PC do? For an attack to succeed, you must be running a server of some kind on your machine. That server must be listening on a port.
The only standard server listening on a Pocket PC should be ActiveSync itself, but you could install other servers. Hack attempts are generally targeted to a particular server. So unless there is a bug in ActiveSync (which is certainly possible), or you have installed a server on the Pocket PC that is well known enough to hack, I would think that you should be safe even if you weren't behind a firewall.