My "main issue" with it is that if people are used to being behind NAT, they now have to be a bit more careful about securing their computers (firewall etc.) because every computer now is publicly accessible. Most routers do not even seem to have an IPv6 firewall.
The 'residential gateway' for my attached fiber connection doesn't allow incoming syns for the ipv6 addresses it hands out and I couldn't even find a way to tell it to let me actually use the internet as intended, other than bypassing it (which works fine).
Most endpoints these days don't have much if anything listening by default though. The reality is that even trusted local networks are hostile networks, and vendors have responded to that.
Ultimately we do need to secure our endpoint devices. They need to be secure by default. NAT and firewalls let us get away with insecure broken OSes and services for a while, but not forever, and they create the "soft underbelly problem" where once someone manages to hop your firewall everything is vulnerable.
NAT does not provide access protection. NAT only hides the lack of access protection when it isn't there. A stateful firewall provides access protection, and that works with both IPv4 and IPv6.
Also some implementations (including Windows) [0] expose the MAC address of your device to the Internet, creating a huge privacy problem. IPv6 is a mess.
One of these days yall are going to see it my way... in which I think ipv6nat is important to use despite everything you hear about ipv6nat saying it should never be used, usually by people theorycrafting instead of being responsible for actual systems. (Cue the "but nat was never very secure" etc comments.)
