Firewall Wizards mailing list archives

How secure are (cisco) ACL's?


From: "Chris Hughes" <chughes () rpm com>
Date: Wed, 30 Sep 1998 09:29:24 -0400

In a discussion I had with a co-worker, I expressed my opinion that
Firewall1 bounded by two routers (choke/gate/choke) was probably a better
solution than a PIX front-ended by a single router (choke/gate).

His response was that ACLs on the front-ended PIX would be sufficient
security.  In fact, he stated, a single router with comprehensive ACLs
would be sufficient for low-bandwidth internet connections.

On the surface, it does seem that NAT in conjunction with comprehensive
ACLs is secure.  However, I have read about stateful inspection (not well
implemented on Cisco) and know that this can be a problem when depending on
ACLs to do the job.

With my limited knowledge I was not able to argue my point.  Can someone
explain and/or point me to material I can digest and come back swinging in
my next encounter like this?  Also, I need to read up on choke/gate/choke
and other security architectures.  Any guiding shove in the right direction
will be deeply appreciated.

Commentary is welcome...
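The gap between a stateless ACL and stateful inspection that the post alludes to can be shown in a few lines. The following is an added example, not code from the poster or from Cisco: it models an inbound extended ACL whose only notion of "reply traffic" is the `established` keyword (ACK or RST bit set), beside a minimal state table that only admits inbound packets matching a connection an inside host actually opened. The addresses, ports and packets are constructed for the demo; the point it makes is the well-known one that a forged packet with ACK set (an ACK scan, or any crafted probe) passes the `established` check, while a state table rejects it.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed example addresses (assumptions for this demo, not from the post).
INSIDE_PREFIX = "10.0.0."        # protected network behind the router
WEB_SERVER = "10.0.0.80"         # the one service deliberately exposed


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]        # TCP flags, e.g. frozenset({"SYN"})


def inbound_acl(pkt: Packet) -> bool:
    """Stateless filter modelled on a classic IOS extended ACL applied inbound
    on the outside interface:
        permit tcp any host 10.0.0.80 eq 80
        permit tcp any 10.0.0.0 0.0.0.255 established
        deny   ip any any
    'established' only tests that ACK or RST is set in the TCP header; the
    router keeps no record of which connections the inside actually opened."""
    if pkt.dst == WEB_SERVER and pkt.dport == 80:
        return True
    if pkt.dst.startswith(INSIDE_PREFIX) and (pkt.flags & {"ACK", "RST"}):
        return True
    return False


class StatefulFilter:
    """Minimal stateful inspection: an inbound packet is admitted only if it
    belongs to a flow an inside host initiated (or hits the published service)."""

    def __init__(self) -> None:
        # flow key: (inside_addr, inside_port, outside_addr, outside_port)
        self.flows: set = set()

    def outbound(self, pkt: Packet) -> bool:
        # Inside host opening a connection: remember the 4-tuple.
        if "SYN" in pkt.flags and pkt.src.startswith(INSIDE_PREFIX):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True                  # outbound is permitted; we only record state

    def inbound(self, pkt: Packet) -> bool:
        if pkt.dst == WEB_SERVER and pkt.dport == 80:
            return True
        # Reply traffic must mirror a flow we saw leave.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


# Constructed traffic: one legitimate outbound session plus inbound probes.
OUTBOUND: List[Packet] = [
    Packet("10.0.0.5", 40000, "198.51.100.7", 443, frozenset({"SYN"})),
]
INBOUND: Dict[str, Packet] = {
    "reply_to_our_syn": Packet("198.51.100.7", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),
    "ack_probe_to_smb": Packet("203.0.113.9", 31337, "10.0.0.22", 139, frozenset({"ACK"})),
    "syn_to_smb":       Packet("203.0.113.9", 31337, "10.0.0.22", 139, frozenset({"SYN"})),
    "web_request":      Packet("203.0.113.9", 31338, WEB_SERVER, 80, frozenset({"SYN"})),
}


def run_demo() -> Dict[str, Tuple[bool, bool]]:
    """Return {name: (stateless_acl_verdict, stateful_verdict)} per inbound packet."""
    sf = StatefulFilter()
    for p in OUTBOUND:
        sf.outbound(p)
    return {name: (inbound_acl(p), sf.inbound(p)) for name, p in INBOUND.items()}


if __name__ == "__main__":
    for name, (acl, stateful) in run_demo().items():
        verdict = lambda ok: "permit" if ok else "deny"
        print(f"{name:18s} stateless ACL: {verdict(acl):6s}  stateful: {verdict(stateful)}")
```

The `ack_probe_to_smb` packet is the one that matters: the stateless rule lets it reach port 139 on an inside host because the ACK bit is set, while the state table drops it because no inside host ever opened a connection to 203.0.113.9:31337. The second behaviour is what the PIX's adaptive security algorithm, FireWall-1's inspection engine and (later) IOS reflexive ACLs and CBAC provide, and what a plain router ACL with `established` does not.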
