Do you not get the concept of logs? When a connection is made or attempted, it's LOGGED which can be viewed at later use. A simple netstat would miss TONS of connections. Thus you won't know every connection on every port that's been attempted.
As long as the firewall verifies its sent by you they will allow it
Wrong. Zonealarm asks permission for things to connect to the internet. It has the application, port, and destination address, and gives you a choice to allow or block it.
Packet sniffing: If a script kiddy could packet sniff, there'd be a lot more at stake then a runescape account. I don't think a person with them capabilities would waste time on a runescape account.