A bit more detail:

It appears that the firewall is fairly picky about the circumstances in which it's willing to let OmniFocus sync, even when it's on the approved list. It also appears that it caches a certain amount of information - if it decides to block us, the decision gets cached even if the settings change subsequently.

We're going to communicate these issues with the firewall to Apple, but for obvious reasons, Apple doesn't give apps the ability to modify the way the firewall behaves to suit themselves.

If you're having trouble getting through the firewall, you may want to try the following steps in this order:

Ensure that OmniFocus is on the approved list.
Turn the firewall off.
Ensure Web Sharing is enabled.
Turn the Firewall on.
Launch OmniFocus.