The security comes from FORCING people to use NAT
If IPv4 addresses were plentiful enough NAT never existed in consumer level products, most people would have had their PC and other home devices directly exposed to the internet. Wireless APs would not be routers, because they wouldn't need to route. They'd bridge your wireless and wired nets, and wireless devices would be directly exposed to the internet.
The average person would be at the mercy of their ISP for security, hoping that their cable/DSL modem provided a firewall, and that firewall defaulted on. OK, in 2018 even crappy ISPs like Comcast would do that, but 10 years ago? Many people would have been unprotected, and even though things would be bad and ISPs would encourage people to enable the firewall would be loathe to force the config on everyone because they'd know how many things that used to work would break and how many support calls they'd get. They'd wait until the user upgraded something and needed a new modem, and give them one with the firewall on by default.
The hacks they could blame on the end user, or Microsoft, or anyone else but themselves. If they pushed a new config on people's equipment they'd have to take the blame from angry customers themselves.