That's a legacy bit that a lot of people will have a hard time adjusting to when IPv6 becomes more mainstream. Basically every piece of gear in your house can have a routable IP under that scheme and then suddenly your edge router configuration becomes a lot more important.
They should have just expanded the address space in v6 (5?) I reckon (and maybe any warts from history that needed cleaning up).
It's funny that this still needs to be brought up, but I understand why some people think that NAT offers some real protection.
Basically NAT makes it difficult (without setting up forwarding, etc.) for non-malicious-you to reach a device that's behind one, ergo non-malicious-you believes that NAT is providing protection.
"If it's impossible for me to access a port behind a NAT it must be hard for everyone".
Of course the whole point of a NAT gateway is to poke holes in itself (indiscriminately) so that devices behind it can talk to the world.
I wonder what will happen when the whole world is on IPv6 and we don't need NAT anymore - is a consumer wifi router with an actual firewall going to be common, or are we still going to use NAT to "isolate" devices on our local network?
Personally I'm a fan of IPv4 only because I can actually remember the addresses - every time I deal with a v6 address it's copy/paste or bust - forget being able to verbally share the address of a thing.
Mind you I no longer do network consulting, so the only IP address I remember these days is 126.96.36.199. I guess it won't affect my work ¯\_(ツ)_/¯.
Nowhere was it suggested that NAT was part of the security strategy... which, you are right, is a very bad idea.