GOOD2USE Knowledge Network Hardware VPN

A hardware VPN is better than a software VPN for reasons other than secure communications.
If you use a Microsoft operating system with a software VPN, you will need to patch the Microsoft OS every time a patch is released. With a hardware VPN, the upgrade or patch is usually applied and complete once a year. As for encryption, both hardware and software do excellent jobs. You must also consider fully hardening the OS in the Microsoft case, while with the hardware solution you are assured that the OS is fully hardened without you lifting a finger to do so.

As for a hardware VPN on a laptop, most VPN clients are software based. These clients typically take over all network services on the device while the VPN session is established and release them afterwards. This is the case with all VPN clients simply because you want a secure connection on a secure device, not one where someone connects to your VPN and then decides to use that same connection to, say, surf the Internet. Running two connections at once, one unencrypted and one encrypted (often called split tunnelling), is not good security practice, so most clients take over and allow no other connection until the session is terminated.

There is a laptop hardware solution. It would entail a secure NIC (network interface card) that can be used only for a VPN, but these have significant limitations. Since your communication is still a secure TCP/IP packet wrapped in an unsecured TCP/IP packet (so that it can be routed across the Internet), it is essentially the same concept as a software VPN. The only difference is that the hardware performs the encryption and takes the CPU load off the computer.
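The wrapping described above, as an added example that is not part of the original page: it frames a constructed inner IPv4 packet in IPsec ESP tunnel mode (the protocol this page later recommends) without applying a real cipher, so the header, padding and integrity-check overhead, and its effect on the largest inner packet that still fits a given path MTU, can be inspected. The SPI, the RFC 5737 addresses and the zeroed IV, ICV and checksum are constructed placeholders.

```python
import struct

# Added example (constructed): frame an inner IPv4 packet in IPsec ESP tunnel
# mode (RFC 4303 layout) to show how the "secure packet wrapped in a routable
# packet" idea works and how much overhead the wrapping adds. No cipher is
# applied: the inner packet is copied as-is so sizes can be checked; a real
# gateway (or hardware accelerator) would encrypt the payload and compute the ICV.

OUTER_IP_HDR = 20            # IPv4 header of the outer, Internet-routable packet
ESP_HDR = 8                  # SPI (4 bytes) + sequence number (4 bytes)
IV_LEN = 16                  # AES-CBC initialisation vector
BLOCK = 16                   # AES block size; the encrypted portion is padded to it
ESP_TRAILER = 2              # pad length (1 byte) + next header (1 byte)
ICV_LEN = 12                 # HMAC-SHA1-96 integrity check value
IPPROTO_ESP = 50             # outer IP header's protocol field for ESP
NEXT_HEADER_IPV4 = 4         # trailer value meaning "the payload is an IPv4 packet"
SRC, DST = bytes([198, 51, 100, 1]), bytes([203, 0, 113, 7])  # constructed addresses

def esp_padding(inner_len):
    """Padding bytes so that inner packet + trailer fills whole cipher blocks."""
    return (-(inner_len + ESP_TRAILER)) % BLOCK

def tunnel_overhead(inner_len):
    """Total bytes added around an inner packet of the given length."""
    return OUTER_IP_HDR + ESP_HDR + IV_LEN + esp_padding(inner_len) + ESP_TRAILER + ICV_LEN

def max_inner_mtu(path_mtu):
    """Largest inner packet that still fits the path MTU after encapsulation."""
    n = path_mtu
    while n + tunnel_overhead(n) > path_mtu:
        n -= 1
    return n

def esp_tunnel_encapsulate(inner_packet, spi, seq):
    """Return outer IPv4 header + ESP header + IV + inner + padding + trailer + ICV."""
    pad = esp_padding(len(inner_packet))
    padding = bytes(range(1, pad + 1))           # RFC 4303 self-describing padding
    trailer = struct.pack("!BB", pad, NEXT_HEADER_IPV4)
    esp = (struct.pack("!II", spi, seq) + bytes(IV_LEN)            # zero IV: placeholder
           + inner_packet + padding + trailer + bytes(ICV_LEN))    # zero ICV: placeholder
    total = OUTER_IP_HDR + len(esp)
    # version/IHL, TOS, total length, id, flags (DF set), TTL, protocol, checksum (0, not computed)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0x4000, 64, IPPROTO_ESP, 0, SRC, DST)
    return outer + esp

if __name__ == "__main__":
    for size in (100, 576, 1438, 1500):
        print(f"inner {size:4d} bytes -> outer {size + tunnel_overhead(size):4d} bytes")
    print("largest inner packet for a 1500-byte path MTU:", max_inner_mtu(1500))
```

A full-size 1500-byte inner packet grows to 1560 bytes, which is why tunnel endpoints must lower the inner MTU (here to 1438 bytes) or fragment.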

Using an existing Windows NT/2000/2003 box as a VPN gateway is tempting to those who already have a spare PC, Windows software and some experience in administering Windows. All of these Windows operating systems support the Point-to-Point Tunnelling Protocol (PPTP); 2000 and 2003 also support the Layer Two Tunnelling Protocol (L2TP) over IP Security (IPsec).
However, many businesses still buy a hardware firewall/VPN appliance instead of using Windows as their VPN gateway. For one thing, you'd need to harden your Windows server, shutting down all unused services, blocking non-VPN traffic, etc. Firewall/VPN appliances are already hardened right out of the box, designed to face an untrusted network like the Internet.

Next, there's the issue of performance. Although you can buy LAN cards that add IPsec acceleration to your PC, your Windows gateway will probably encrypt packets in software on a general purpose CPU. Firewall/VPN appliances often include hardware acceleration, performing encryption using hardware for higher throughput and lower latency. Sometimes this is an option, so look closely at appliance specs.

Then there's dedication to the task at hand. A Windows server is running plenty of software and services that have nothing to do with your VPN, and you will spend time turning these off or getting rid of them to create a dedicated VPN gateway. A firewall/VPN appliance should not carry this extra baggage. Be aware that some low-end appliances run commercial-off-the-shelf *NIX operating systems.

That brings us to CVEs and attacks against known vulnerabilities. Firewall/VPN appliances that run custom operating systems are less likely to be vulnerable to common threats that plague normal operating systems and related services. Some argue that custom operating systems are less thoroughly tested and so may have more undiscovered vulnerabilities, but normal operating systems are simply a bigger, juicier target for attackers. With either solution, it is essential to apply the latest security patches and stay on top of new CVEs. However, you'll probably have more patches to apply if you use Windows as your VPN gateway.

Finally, there is the question of which VPN protocol you plan to use. Some small businesses use PPTP because it is easy to configure and their risk level (and security know-how) is modest. However, most businesses should try to use IPsec instead, since this approach offers much stronger security. Unfortunately, IPsec is much harder to configure correctly, and requires that you issue every VPN client a digital certificate or a (group) preshared secret. If you use Windows as your VPN gateway, then you will need to be running Windows on every client PC, or a third-party VPN client that supports L2TP-over-IPsec.

If you use a firewall/VPN appliance, you can probably use "vanilla" IPsec instead of L2TP-over-IPsec. Many appliances are supplied with VPN client software that has been fine-tuned to work with the appliance -- for example, supporting extended authentication, dynamic IP address delivery, network address translation traversal, and automated configuration. Depending upon the appliance and its management software, you may find these VPN clients are easier to administer than the native Windows client. For example, some appliances generate an install package that contains both the VPN software and configuration.

Microsoft fans will note that using the native Windows VPN client avoids installing software, but you still need to configure that client. Either way, IPsec client administration is no fun, so a growing number of appliances now support SSL tunnelling as an alternative to PPTP, L2TP, or IPsec. SSL VPN appliances vary a good bit in features and application support, but if you are just starting your VPN now, consider this option before you invest in IPsec clients.





© Copyright 1998-1999 GOOD2USE