Well, I can never resist the urge to expound upon some trivial technical subject, so here goes...
I'm assuming you already know what NAT is. (If you don't know, NAT is how you can share one IP address and Internet connection among several computers. If you have a home router, you are almost certainly using NAT.)
One of the disadvantages of NAT is that, if you're behind a NAT gateway, you can't receive incoming connections. This doesn't affect web browsing, for instance, because when you load a web page, your computer initiates the connection. On the flip side, if you try to run a web server behind a NAT, you'll encounter a problem, because no one on the Internet will be able to open a connection with your web server.
Naturally, this also affects peer-to-peer connections and other things. It was decided that it would be nice if there were some kind of automated system for forwarding incoming connections, so that actual human beings would never have to deal with this shit.
UPNP is one method of solving this problem. A UPNP-enabled program can ask your router to automatically forward incoming connections for you. Unfortunately, UPNP is an ill-considered hack of a protocol. Different routers have different UPNP implementations, but on many routers, a program can ask the router to do something stupid and dangerous and the router will happily comply.
To make matters worse, it's very easy to forge a UPNP request. Adobe Flash Player will gladly do it, if you load a Flash object which instructs it to do so.
Here's an example of a UPNP exploit. This actually happened to me once, and even though I managed to isolate and fix the problem in a few minutes, it took me a few weeks to figure out what the fuck happened.
You, being an innocent web user, inadvertently load a Flash object on a malicious website. The Flash object instructs your copy of Adobe Flash Player to send an instruction to your UPNP-enabled router that causes said router to redirect all outgoing UDP traffic on port 53 to a server in Russia.
The next time you click on a link to a website your computer hasn't visited recently, you find that you get redirected to a hardcore pornography website in Russia. In fact, every website you visit links to the exact same website, except for sites you've visited recently. The reason for this is that when your computer loads a URL, like google.com, it has to send a DNS query to find the IP address that corresponds to that URL (unless it has already visited that site, in which case it probably knows the IP already). These DNS requests are sent on UDP port 53; so when that malicious website from last paragraph sent a UPNP request to your router, it was hijacking your DNS and (by proxy) almost the whole God damn Internet.
Oh, and as much as it will probably piss Que off, the two cheapest and most practical solutions to this problem are sold almost exclusively by Apple.
