NAT is security theather. The only reason that IT newcomers *think* it is secure is because NAT devices have default firewall rules that block incoming traffic. But NAT by itself won't protect you. If you do want to have stuff inaccessible to the internet, that's what the site scope was made for. People asking for NAT on IPv6 actually fail at grasping IPv6.
NAT is a cheap hack added to IPv4, intended to alleviate the addy space exhaustion; it breaks a LOT of stuff but ppl don't see the breakage because of cheap hacks made on apps to "fix" it.