Re: "nat-has-nothing-to-do-with-security"
NAT is not "security by obscurity". It's the equivalent of a DENY ALL rule for incoming connections. If it doesn't have a rule to deliver a packet, it will drop it. Raw, simple, but effective. And - important - it cannot be disabled but for a single host, usually.
"you'll find that millions of systems are compromised with ease" behind expensive firewalls as well. Because some users behind the firewall are true lusers, and because some firewall administrators are lusers as well (writing and maintaining sensible fw rules requires some effort...). So let's get rid of firewalls?
I've seen companies with lame fw rules, and buttocks saved by the NAT ones. Layered defense is not exactly "security by obscurity".