One thing to beware of is that some VPNs can make the PC/device more vulnerable to incoming attacks that normally are blocked by most NAT routers and hardware firewalls.
For example, HMA's VPN service assigns a public IP address to the connected device with most of its servers. This means that even if the NAT router does not have any ports forwarded or even if the ISP operates a carrier grade NAT, the VPN connection itself will allow incoming connections to the public IP address it assigned for the VPN connection.
I have been able to test this by setting up a virtual PC with a web server that allows web access and connecting to HMA. The PC running the virtual PC was connected to the web with a 3G connection. With my laptop connected to my home DSL connection, I entered the public IP address HMA assigned into Firefox and up came the test webpage I placed on the web server. Once I disconnected the VPN, I could no longer load the webpage, but once I reconnected the VPN and entered the new IP address HMA assigned, up came the webpage again.
So for anyone planning on signing up to a VPN service, check whether they allow incoming connections as no amount/level of firewall protection between the PC's network port and the web and will do much good if the VPN connection circumvents it all.