NAT is NOT a firewall. Meaning that you haven't hidden anything and you are not secure. Also NAT is a huge reason why IPSec doesn't work. It breaks the internet.
Oh look, it's one of those purist types.
If an arbitrary host can't reach through my router and connect to an arbitrary device in my home network, guess what? That's effectively a firewall. Yes it's not a _packet filtering_ firewall, but who cares? The end effect is the same. NAT takes multiple devices that only need to connect to other internet hosts (not be connected to themselves) and lets it work.
In a NAT situation, the return packets from the host my PC is surfing to are translated so it all functions. If that same PC were on a public IP, a stateful firewall would open the return ports so the packets could get back to the PC from the web server. Care to tell me what's insecure about one vs. secure about the other? Unless there's actual inspection going on, those return packets could have the same bad data in them regardless. I'm not "more secure" simply because a slightly smarter device managed to let me make the same de facto connection to a web server that a basic NAT device would. I'm only _truly_ secure if my intermediate device, be it a NAT router or a stateful firewall, can actually inspect the return traffic and stop it from reaching my PC if it's bogus or bad.
And IPSec didn't take off because it was WAY too complex, and stupid parts of it like AH mode and transport mode should have never made it in. There are multiple overlapping ways to do the same thing and there didn't need to be.
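Added example, not part of the thread: a toy Python model of the comparison above, with a port-translating NAT beside a stateful firewall in front of a publicly addressed host. The class names, the `compare` helper and all addresses are constructed for illustration; the two NAT filtering modes use the terms from RFC 4787, which goes slightly beyond the single case the post describes. Neither model looks at payloads, which is the post's point about inspection.

```python
from dataclasses import dataclass, field

@dataclass
class Napt:
    """Toy port-translating NAT (hypothetical model, not a real implementation)."""
    filtering: str = "address-and-port-dependent"   # RFC 4787 filtering behaviour
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # public port -> (inside addr, remotes contacted)

    def outbound(self, inside, remote):
        for port, (addr, remotes) in self.table.items():
            if addr == inside:                 # reuse the existing mapping
                remotes.add(remote)
                return port
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (inside, {remote})
        return port

    def inbound(self, remote, public_port):
        # Returns the inside (ip, port) the packet is forwarded to, or None if dropped.
        entry = self.table.get(public_port)
        if entry is None:
            return None                        # no mapping: nothing to translate to
        inside, remotes = entry
        if self.filtering == "endpoint-independent" or remote in remotes:
            return inside
        return None

@dataclass
class StatefulFirewall:
    """Toy connection tracker for a host on a public address (no translation)."""
    flows: set = field(default_factory=set)

    def outbound(self, inside, remote):
        self.flows.add((inside, remote))
    def inbound(self, remote, inside):
        return inside if (inside, remote) in self.flows else None

def compare():
    # Constructed sample endpoints (private and documentation address ranges).
    lan_pc, pub_pc = ("192.168.1.10", 51000), ("192.0.2.10", 51000)
    web, stranger = ("198.51.100.7", 443), ("203.0.113.9", 4444)
    out = {}                                   # (reply from web, stranger, unmapped port)
    for mode in ("address-and-port-dependent", "endpoint-independent"):
        nat = Napt(filtering=mode)
        port = nat.outbound(lan_pc, web)
        out[mode] = (nat.inbound(web, port), nat.inbound(stranger, port), nat.inbound(stranger, port + 1))
    fw = StatefulFirewall()
    fw.outbound(pub_pc, web)
    out["stateful-firewall"] = (fw.inbound(web, pub_pc), fw.inbound(stranger, pub_pc), None)
    return out
```

With address-and-port-dependent filtering the NAT admits and drops the same packets as the connection tracker; with endpoint-independent filtering a third party can reach the mapped port for as long as the mapping exists.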