Both solutions have their benefits and drawbacks as you have observed. Generally speaking ...
The firewall appliance will filter and route port and protocol traffic but doesn't care about application-level stuff (e.g., it doesn't know if the port 80 traffic originated from Netscape Navigator or Kazaa). The up side is that the entire LAN receives its protection from a single point. The down side is that trojans and worms riding on port 80 (and similar scenarios) cannot be blocked.
The personal firewall approach will also filter port and protocol traffic as well as block or allow traffic at the application level but won't do port routing. (Port routing is of importance only if you are offering services to the WAN.) The up side is that the user can control which applications access the WAN and the LAN. The down side is that only a single machine is protected.
IMO (naturally), leaks should never exist except in salads, soups (properly spelled "leek"), sieves, or in the general vicinity of a water closet, tree, or other isolated area. If a firewall leaks, it isn't much of a firewall. If your concern is along those lines, it would be prudent to consider multiple layers of firewalls - both appliance and personal firewall solutions.
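The trade-off described in this reply, modelled as an added example that is not part of the original post: a port/protocol-only appliance policy and a per-application personal firewall policy are evaluated over the same outbound flows, alone and layered. Host names, process names, rule sets and flows are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    host: str      # originating LAN machine (hypothetical names)
    process: str   # known only on the originating host, never on the wire
    proto: str
    dst_port: int

# Appliance policy: protocol/port pairs permitted outbound for the whole LAN.
APPLIANCE_ALLOWED = {("tcp", 80), ("tcp", 443), ("udp", 53)}

# Personal firewall policy: per-host allowlist of (process, proto, port).
# A host missing from this table has no personal firewall installed.
PERSONAL_ALLOWED = {
    "ws-01": {("browser.exe", "tcp", 80), ("browser.exe", "tcp", 443)},
}

def appliance_allows(flow: Flow) -> bool:
    # The appliance cannot see flow.process; it decides on proto and port only.
    return (flow.proto, flow.dst_port) in APPLIANCE_ALLOWED

def personal_allows(flow: Flow) -> bool:
    rules = PERSONAL_ALLOWED.get(flow.host)
    if rules is None:
        return True  # unprotected host: nothing on the machine filters the flow
    return (flow.process, flow.proto, flow.dst_port) in rules

def verdicts(flow: Flow) -> dict:
    a, p = appliance_allows(flow), personal_allows(flow)
    # Layered: traffic must pass the host firewall and then the appliance.
    return {"appliance": a, "personal": p, "layered": a and p}

# Constructed sample flows.
FLOWS = [
    Flow("ws-01", "browser.exe", "tcp", 80),    # expected browser traffic
    Flow("ws-01", "unknown.exe", "tcp", 80),    # unapproved program on port 80
    Flow("ws-02", "unknown.exe", "tcp", 80),    # same, host has no personal firewall
    Flow("ws-02", "unknown.exe", "tcp", 6667),  # port the appliance does not permit
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, verdicts(f))
```

The second flow passes the appliance but is stopped by the personal firewall, the third passes both because ws-02 has no personal firewall, and the fourth is stopped only by the appliance.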