Virtualized routers and firewalls are more common than you might think, specially in large datacenters and other deployments that require a lot of flexibility / SDN.
Other people just like the convenience of having a single machine / mini PC whatever that runs everything from their router/firewall to their NAS and VMs to self-host stuff.
But… at the end of the day virtualization is only mostly secure and we’ve seen cases where a compromised VM can be used to gain access to the host or other VMs, in this case the firewall could be hacked to access the entirety of your network.