Exactly. Whoever wrote that obviously doesn't understand NAT, and that it doesn't need a firewall to provide security. How is anyone going to send packets to a PC at 192.168.1.100 from outside the NAT unless ports are being forwarded, or even send packets to the router unless there are open ports on the router on the WAN interface side. Typically management from e.g. HTTP is only enabled on the LAN by default, so the clueless home user doesn't have to worry about it.
Security may not have been the reason for its existence, but it was a highly serendipitous benefit.